|
Yes I know. John Earl pointed out another way around it. I wouldn't try this method myself <grin> Just wanted to throw it out there for the OP. Hopefully, the user with *ALLOBJ who shouldn't have it but from whom it can't be taken away isn't experienced enough to figure out how to get around it. Which means the OP better hope the user isn't on this list! On the other hand, its been my experience that you can often take *ALLOBJ away from a non-expert user without the user realizing it. Charles Wilt -- iSeries Systems Administrator / Developer Mitsubishi Electric Automotive America ph: 513-573-4343 fax: 513-398-1121
-----Original Message----- From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Ingvaldson, Scott Sent: Wednesday, January 03, 2007 3:48 PM To: midrange-l@xxxxxxxxxxxx Subject: RE: Is DFU capability a part of the *ALLOBJ privlidge or can DFUbeseparately denied? Ummm, if the group has *ALLOBJ the user has enough authority to give it back to themselves! Regards, Scott Ingvaldson System i Administrator GuideOne Mutual Insurance Company -----Original Message----- date: Wed, 3 Jan 2007 13:20:47 -0500 from: "Wilt, Charles" <CWilt@xxxxxxxxxxxx> subject: RE: Is DFU capability a part of the *ALLOBJ privlidge or can DFUbe separately denied? *ALLOBJ means *ALLOBJ Security check goes something like, 1) Does the user have *ALLOBJ, then allow. 2) .... Now, if instead of the user having *ALLOBJ, you've given *ALLOBJ to the group profile the user belongs to, then you could explicitly deny the user access to the object; since the users individual permissions are check before his group profile permissions. HTH, Charles Wilt -- iSeries Systems Administrator / Developer Mitsubishi Electric Automotive America -- DISCLAIMER: This message and accompanying documents are covered by the Electronic Communications Privacy Act, 18 U.S.C. 2510-2521, and contains information intended for the specified individual(s) only. This information is confidential. If you are not the intended recipient or an agent responsible for delivering it to the intended recipient, you are hereby notified that you have received this document in error and that any review, dissemination, copying, or the taking of any action based on the contents of this information is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail, and delete the original message. -- This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/mailman/listinfo/midrange-l or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.