× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. January 2007

RE: Is DFU capability a part of the *ALLOBJ privlidge or can DFUbeseparately denied?

Yes I know.

John Earl pointed out another way around it.

I wouldn't try this method myself <grin>  Just wanted to throw it out
there for the OP.  Hopefully, the user with *ALLOBJ who shouldn't have
it but from whom it can't be taken away isn't experienced enough to
figure out how to get around it.

Which means the OP better hope the user isn't on this list!

On the other hand, its been my experience that you can often take
*ALLOBJ away from a non-expert user without the user realizing it.


Charles Wilt
--
iSeries Systems Administrator / Developer
Mitsubishi Electric Automotive America
ph: 513-573-4343
fax: 513-398-1121
  


-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx 
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of 
Ingvaldson, Scott
Sent: Wednesday, January 03, 2007 3:48 PM
To: midrange-l@xxxxxxxxxxxx
Subject: RE: Is DFU capability a part of the *ALLOBJ 
privlidge or can DFUbeseparately denied?

Ummm, if the group has *ALLOBJ the user has enough authority 
to give it
back to themselves!

Regards,
 
Scott Ingvaldson
System i Administrator
GuideOne Mutual Insurance Company
 

-----Original Message-----
date: Wed, 3 Jan 2007 13:20:47 -0500
from: "Wilt, Charles" <CWilt@xxxxxxxxxxxx>
subject: RE: Is DFU capability a part of the *ALLOBJ privlidge or can
      DFUbe   separately denied?

*ALLOBJ means *ALLOBJ

Security check goes something like,
1) Does the user have *ALLOBJ, then allow.
2) ....

Now, if instead of the user having *ALLOBJ, you've given 
*ALLOBJ to the
group profile the user belongs to, then you could explicitly deny the
user access to the object; since the users individual permissions are
check before his group profile permissions.

HTH,


Charles Wilt
--
iSeries Systems Administrator / Developer
Mitsubishi Electric Automotive America
-- 


DISCLAIMER:
This message and accompanying documents are covered by the 
Electronic Communications Privacy Act, 18 U.S.C. 2510-2521, 
and contains information intended for the specified 
individual(s) only. This information is confidential. If you 
are not the intended recipient or an agent responsible for 
delivering it to the intended recipient, you are hereby 
notified that you have received this document in error and 
that any review, dissemination, copying, or the taking of any 
action based on the contents of this information is strictly 
prohibited. If you have received this communication in error, 
please notify us immediately by e-mail, and delete the 
original message.

-- 
This is the Midrange Systems Technical Discussion 
(MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.