× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. October 2006

RE: iSeries Navigator - Visual Explain

Tom - 

*JOBCTL is a very powerful authority, especially on a production system. 
Therefore, I believe *JOBCTL authority should be restricted to Administrators 
and Operators. Our auditing staff agrees too...

        Job control (*JOBCTL) special authority:

        The user is given the authority to change, display, hold,    
        release, cancel, and clear all jobs that are running on the  
        system or that are on a job queue or output queue that has   
        OPRCTL (*YES) specified.  The user also has the authority to 
        load the system, to start writers, and to stop active 
        subsystems.  

A programmer doesn't need this level of access in order to do their job. For 
example, they don't need to be able to end production jobs and/or production 
subsystems. Especially when there are tools available to allow display access 
to other user's jobs without being able to change or end them. If our system 
was just development system, then *JOBCTL special authority for developers 
wouldn't be a problem, but it is a production system.

As for granting *JOBCTL when needed, this could be done, but if there is a way 
around having to do this for this one feature of iSeries Navigator, that would 
be even better.

Kenneth                                          

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx]On Behalf Of Tom Jedrzejewicz
Sent: Monday, October 09, 2006 12:37 PM
To: Midrange Systems Technical Discussion
Subject: Re: iSeries Navigator - Visual Explain


On 10/9/06, Graap, Kenneth <keg@xxxxxxxxxxxxx> wrote:


We only have one i5 server and this server is used to support developers
and production users. As part of our SOX compliance we have removed *JOBCTL
special authority from all of our developer profiles.



Can I ask why this was done?  What is exposed by *JOBCTL that has to be
shutdown?

That said, if Visual Explain is infrequently needed, you could put some
process in place to give the developers *JOBCTL on request for a limited
time.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.