Well, one way of coding security is to not put it in a PF, but to put it
in an authorization list (WRKAUTL). Then secure the program with that
Granted, if you are already using an authorization list on all your
programs and a different one for this program it can cause maintenance
headaches. For instance it rather shoots
CHGAUT OBJ('/qsys.lib/mylib.lib/*.pgm') AUTL(MYAUTL)
That, and the message thrown by PGMA when it calls PGMB which is secured
by the special authorization list may not be as friendly unless you
wrapped the CALL with an RPGLE Monitor code or a CL MONMSG code.
Keep in mind, that if you do use the file method that you have to restrict
how the user may otherwise call the program. For instance, if they have
command access and can manually type in CALL, or any of the other numerous
methods of executing a program. One way of handing that is to have the
final called program do the security check itself.
And putting the check into a service program may be a desirable
alternative. That way if you change the method from a file to whatever
none of the secured programs will have to change. They continue to
execute MayIRun(pgmname) and MayIRun returns an aye or nay.
This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact