without *allobj, i should not even see the existence of objects I am *excluded from. viewing a job log could show how some of the defenses work. jim ----- Original Message ----- From: <rob@xxxxxxxxx> To: "'Midrange Systems Technical Discussion'" <midrange-l@xxxxxxxxxxxx> Sent: Monday, March 29, 2004 2:46 PM Subject: Turning off the requirement to have *allobj to look at the joblog of a currently running *ALLOBJ job. > Some of my people here were in the habit of always submitting certain jobs > under user profiles with *ALLOBJ. Really frustrated them when we > installed a certain release of OS years back and they could no longer look > at the job log if they didn't have *ALLOBJ authority themselves. I > figured out how to turn this off so they could still look at these > joblogs. It's under the host part of application administration under > iSeries Navigator. > > Honestly I am a little reluctant to do so. They've finally started > cleaning up the process (getting their authorization lists right, not > submitting the jobs under an *ALLOBJ kind of person, etc.) and I hate to > derail that train. > > I never figured out what the big security breach was to look at the joblog > of a job running under a user with *ALLOBJ. Is there any valid concern? > > Rob Berendt > -- > Group Dekko Services, LLC > Dept 01.073 > PO Box 2000 > Dock 108 > 6928N 400E > Kendallville, IN 46755 > http://www.dekko.com > > _______________________________________________ > This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list > To post a message email: MIDRANGE-L@xxxxxxxxxxxx > To subscribe, unsubscribe, or change list options, > visit: http://lists.midrange.com/mailman/listinfo/midrange-l > or email: MIDRANGE-L-request@xxxxxxxxxxxx > Before posting, please take a moment to review the archives > at http://archive.midrange.com/midrange-l. > >
As an Amazon Associate we earn from qualifying purchases.
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.