Here's a bit from a KB article on special authorities:

Service (*SERVICE) Special Authority

Service (*SERVICE) special authority allows the user to start system service tools using the STRSST command. It allows the user to debug a program with only *USE authority to the program and perform the display and alter service functions. The dump function can be performed without *SERVICE authority.

Risks: A user with *SERVICE special authority can display and change confidential information using service functions.

So the debug thing is for someone without much authority to a program otherwise, I guess.

-------------- Original message --------------
>
> This person should not be debugging programs. I'm the one who would do
> that or possibly my boss, and he would probably ask me to do it. This
> person works with EDI. Eric's previous message said that it could be used
> for a communications trace but that would still be stretching things quite
> a bit for this person's job function.
>
> Dave Parnin
> Nishikawa Standard Company
> Topeka, IN 46571
> daparnin@xxxxxxxxxxxxxx
>
>
> rob@xxxxxxxxx
> Sent by: midrange-l-bounces@midrange.com
> 04/29/2005 02:41 PM
> Please respond to Midrange Systems Technical Discussion
>
> To: Midrange Systems Technical Discussion
> cc:
> Subject: RE: Special Authority *SERVICE
>
>
> Half of those commands were commands commonly used in debugging a program.
> Hopefully that level of access is no longer needed (it was a V4R3 source,
> right?).
>
> I wonder if a clue would be anything with QSRV listed as having access
> DSPOBJAUT OBJ(STRSST) OBJTYPE(*CMD)
>
> There is a WRKOBJOWN command but I don't see a WRKOBJUSR command.
>
> Rob Berendt
> --
> Group Dekko Services, LLC
> Dept 01.073
> PO Box 2000
> Dock 108
> 6928N 400E
> Kendallville, IN 46755
> http://www.dekko.com
>
>
> "Eric Graeb"
> Sent by: midrange-l-bounces@xxxxxxxxxxxx
> 04/29/2005 02:00 PM
> Please respond to Midrange Systems Technical Discussion
>
> To: "'Midrange Systems Technical Discussion'"
> cc:
> Subject: RE: Special Authority *SERVICE
>
>
> Did a search on IBM and found these:
>
> "OS/400 CL Reference V4R3"
> 9 topics have matches for: SERVICE special authority
> CHKCMNTRC (Check Communications Trace) Command, 3.1.341
> ADDPGM (Add Program) Command, 3.1.61
> CHGHLLPTR (Change High-Level Language Pointer) Command, 3.1.206
> CHGPGMVAR (Change Program Variable) Command, 3.1.278
> CHGPTR (Change Pointer) Command, 3.1.288
> DSPPGMVAR (Display Program Variable) Command, 3.1.760
> STRSST (Start System Service Tools) Command, 3.1.1265
> PRTUSRPRF (Print User Profile) Command, 3.1.957
> STRDBG (Start Debug) Command, 3.1.1218
>
> Hope this helps.
>
>
> -----Original Message-----
> From: midrange-l-bounces@xxxxxxxxxxxx
> [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of
> daparnin@xxxxxxxxxxxxxx
> Sent: Friday, April 29, 2005 1:21 PM
> To: midrange-l@xxxxxxxxxxxx
> Subject: Special Authority *SERVICE
>
>
> I happened to notice that the security of a person who used to be in the
> I.T. department still has the special authority of *SERVICE. My hunch is
> that they don't need this anymore. What actually does this give them?
> Access to SST? Both the help text and Infocenter say "Service authority is
> granted to this user. The user can perform service functions." That's
> like saying my cat can walk on four legs because he has four legs. I
> didn't find anything in the archives. Thanks.
>
> --
> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
> To post a message email: MIDRANGE-L@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/midrange-l
> or email: MIDRANGE-L-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/midrange-l.
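
Added example, not part of any message in this thread: a short Python check for the kind of review discussed above, listing profiles that hold *SERVICE either directly or through a group profile (a member also gets its group's special authorities) and that are not on an approved list. The profile names, the approved list and the input layout are constructed for illustration; on a real system the rows would come from a user profile listing.

```python
# Added example: which profiles effectively hold *SERVICE, directly or via a group.
# PROFILES is constructed sample data, not taken from any real system.
PROFILES = {
    # name: (special authorities, group profile, supplemental groups)
    "QSECOFR": ({"*ALLOBJ", "*SECADM", "*SERVICE"}, None, []),
    "ITADMIN": ({"*JOBCTL", "*SERVICE"}, None, []),
    "GRPOPS":  ({"*JOBCTL", "*SERVICE"}, None, []),
    "EDIUSER": ({"*SERVICE"}, None, []),      # left I.T., authority never removed
    "NIGHTOP": (set(), "GRPOPS", []),         # inherits through its group profile
    "CLERK1":  (set(), None, ["GRPOPS"]),     # inherits through a supplemental group
    "CLERK2":  ({"*SPLCTL"}, None, []),
}
APPROVED = {"QSECOFR", "ITADMIN", "GRPOPS"}   # hypothetical list of justified holders


def service_sources(name, profiles):
    """Return where `name` gets *SERVICE from: 'direct' and/or group profile names."""
    spcaut, group, supplemental = profiles[name]
    sources = ["direct"] if "*SERVICE" in spcaut else []
    # Group profiles cannot themselves belong to groups, so one level is enough.
    for grp in [group, *supplemental]:
        if grp and grp in profiles and "*SERVICE" in profiles[grp][0]:
            sources.append(grp)
    return sources


def review(profiles, approved):
    """Map each unapproved profile that effectively holds *SERVICE to its sources."""
    findings = {}
    for name in sorted(profiles):
        sources = service_sources(name, profiles)
        if sources and name not in approved:
            findings[name] = sources
    return findings


if __name__ == "__main__":
    for name, sources in review(PROFILES, APPROVED).items():
        print(f"{name:10} *SERVICE via {', '.join(sources)}")
```

A profile that shows no *SERVICE of its own can still appear here, which is why removing the authority from one user profile may not be enough if the group profile keeps it.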
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].