IIRC, the N indicates that the command was called from either a command
line or a menu option.
Regards,
Scott Ingvaldson
System i Administrator
GuideOne Mutual Insurance Company
-----Original Message-----
From: Gary Monnier [
mailto:gary.monnier@xxxxxxxxxxxxx]
Sent: Thursday, May 31, 2007 3:24 PM
To: Midrange Systems Technical Discussion
Subject: RE: Non-Limited profile and QUSCMDLN
Dave,
Use DSPJRN for journal entry type T entry code CD. In position 30 of
the data is a flag for "run from a CL program". You want to look at
those that have an N in position 30.
A more robust solution is to get PowerTech's Authority Broker product.
It has all the stuff you're looking for built in but, then again, I'm
biased.
-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[
mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Turnidge, Dave
Sent: Thursday, May 31, 2007 1:13 PM
To: Midrange Systems Technical Discussion
Subject: Non-Limited profile and QUSCMDLN
We have what I would consider a security hole in our iSystems. All
users, except for developers and Support Center staff, are Limited
Users. This means that they cannot enter (most) commands on a command
line. However, developers and Support Center staff CAN enter commands on
the command line. The bigger problem is that when they are on a
production menu, and request a command line, they have adopted
production authority. They could then pretty much do what they want.
Removing the command line is not on our list of things to do, so I am
attempting to track when the command line IS used by anyone so I can
track the commands entered.
I have looked through QAUDJRN, and see the command being entered, but
nothing that tells me that they have requested the command line or are
working from a command line. Is there any way to determine this?
Thank you,
Dave
As an Amazon Associate we earn from qualifying purchases.