Although lack of authority to STRDBG gave no T-AF Authority Failure audit entry due to use of CHKOBJ instead of an explicit attempt to use the object and that the authority error CPF9802 was logged in the joblog, that did not prevent my ability to use Visual Explain; it was a simple SELECT * test. If however, my user did not have *JOBCTL special authority, I could not perform the Visual Explain function, and that logged a T-AF audit entry. This is because that authority is required to perform a STRDBMON, which _is_ required for Visual Explain. I wonder if debug being active, is required only for explaining CQE queries.? Or perhaps the issue experienced is in regard only to the missing optimizer messages, rather than a visual presentation.? My simple test was surely going to the SQE.

FWiW the QSYS/STRDBG [hopefully it is properly coded as such] is performed by an SQL CALL something.QCMDEXC; either the defined QSYS2 external procedure referencing QSYS/QCMDEXC, or directly to the *PGM QSYS/QCMDEXC. Knowing that could enable intercepting the request; of course replacing STRDBG with an effective Trojan Horse which is publicly authorized, and that performs some logic to determine if the request should be allowed, before either adopting to perform STRDBG or failing with a /disallowed/ message.

BTW, if you were to find that *LIBL/STRDBG were being used instead of either *SYSTEM/STRDBG or *NLVLIBL/STRDBG, then rather than trying to take advantage of it [because that effect should be expected to be changed/corrected], be sure to report it as a defect.

Regards, Chuck

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2019 by and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].