× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



Amen .... <smile>


Kenneth
Kenneth E. Graap
http://www.linkedin.com/in/kennethgraap


-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of John Earl
Sent: Tuesday, December 08, 2009 3:05 PM
To: Midrange Systems Technical Discussion
Subject: Re: STG(*FREE) on SAV* commands...

Ken,

The issue of the STG(*FREE) command just highlights the pre-existing
danger of people running with *SAVSYS special authority. Even
before there were save files there was the issue of a person with *SAVSYS special authority being able to save objects that they were *EXCLUDED to onto a tape and then transporting that tape to another system where they had sufficient authority to restore the tape and view data.

STG(*FREE) adds risk because it allows a person to save the data to
tape and effectively empty the contents of the object in the process.
The saving grace is that the data is on a tape somewhere that you should be able to restore it from that tape.

But *SAVF's changed the game completely. Now a user with *SAVSYS that is *EXCLUDED from a file doesn't need another system to view the data. They can just save it to a save file, restore it to their own library and view the data. And as you've pointed out, if some bozo saves to a SAVF with STG(*FREE) and then deletes the save file, the data is gone before you can say "Uh-oh".

So, I guess the moral is, don't give many people *SAVSYS. Give it to the programs that do your backups (through adopted authority), and give it to selected people, but it should not belong to anyone in the *PGMR class (and hasn't by default since V3R6), and it probably shouldn't be given to System Operators either - better to have them run programs that do a SAVxxx command than to allow them to freehand it.

JMHO,

jte





As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.