× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



Actually what I'm trying to do is gain an understanding what processes
in my shop require Special Authority... I was hoping to analyze the
audit journal for the last few months to get this information. 

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Al Mac
Sent: Thursday, March 23, 2006 4:10 PM
To: Midrange Systems Technical Discussion
Subject: Re: Special authority use ... Auditing

I have created some special groups which do and do not have certain 
authorities, then put users in the various groups.  This makes it easy
to 
change the rules on clusters of individuals.  They either do or do not
have 
security to do certain things.  This way I not have to manage all the
rules 
on each person.  Just add or remove the groups they in.

>I am working to remove or at least limit, the hundreds of  Special 
>Authorities that have been assigned to our user profiles.
>
>Is there a way to audit the use of a special authority like *SAVSYS?
>
>I've always had the QAUDLVL system value option *SAVRST set on, but it 
>apparently only tracks restore issues:
>
>*SAVRST
>     Save and restore information is audited.  The following are some
>     examples:
>      o  When programs that adopt their owner's user profile are
>         restored
>      o  When job descriptions that contain user names are restored
>      o  When ownership and authority information changes for objects
>         that are restored
>      o  When the authority for user profiles is restored
>      o  When a system state program is restored
>      o  When a system command is restored
>      o  When an object is restored
>
>I want to know when an operation performed by ANY user profile required

>the Special Authority *SAVSYS..
>
>Does anyone know how I might be able to do this? If it isn't
possible... 
>it sure should be!
>
>
>Kenneth
>
>****************************************
>Kenneth E. Graap
>IBM Certified Specialist
>iSeries Multiple System Administrator
>NW Natural (Gas Services)
>keg@xxxxxxxxxxxxx
>Phone: 503-226-4211 x5537
>FAX:    503-721-2518
>****************************************
>
>--
>This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
>To post a message email: MIDRANGE-L@xxxxxxxxxxxx
>To subscribe, unsubscribe, or change list options,
>visit: http://lists.midrange.com/mailman/listinfo/midrange-l
>or email: MIDRANGE-L-request@xxxxxxxxxxxx
>Before posting, please take a moment to review the archives
>at http://archive.midrange.com/midrange-l.



As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.