× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. May 2007

RE: Non-Limited profile and QUSCMDLN

Scott,

I did not remember correctly. You are correct. Dave will want to scan
for Y rather than N.

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Ingvaldson, Scott
Sent: Thursday, May 31, 2007 2:05 PM
To: Midrange Systems Technical Discussion
Subject: RE: Non-Limited profile and QUSCMDLN


IIRC, the N indicates that the command was called from either a command
line or a menu option.

Regards,

Scott Ingvaldson
System i Administrator
GuideOne Mutual Insurance Company


-----Original Message-----
From: Gary Monnier [mailto:gary.monnier@xxxxxxxxxxxxx]
Sent: Thursday, May 31, 2007 3:24 PM
To: Midrange Systems Technical Discussion
Subject: RE: Non-Limited profile and QUSCMDLN

Dave,

Use DSPJRN for journal entry type T entry code CD. In position 30 of
the data is a flag for "run from a CL program". You want to look at
those that have an N in position 30.

A more robust solution is to get PowerTech's Authority Broker product.
It has all the stuff you're looking for built in but, then again, I'm
biased.

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Turnidge, Dave
Sent: Thursday, May 31, 2007 1:13 PM
To: Midrange Systems Technical Discussion
Subject: Non-Limited profile and QUSCMDLN


We have what I would consider a security hole in our iSystems. All
users, except for developers and Support Center staff, are Limited
Users. This means that they cannot enter (most) commands on a command
line. However, developers and Support Center staff CAN enter commands on
the command line. The bigger problem is that when they are on a
production menu, and request a command line, they have adopted
production authority. They could then pretty much do what they want.

Removing the command line is not on our list of things to do, so I am
attempting to track when the command line IS used by anyone so I can
track the commands entered.

I have looked through QAUDJRN, and see the command being entered, but
nothing that tells me that they have requested the command line or are
working from a command line. Is there any way to determine this?

Thank you,

Dave


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.