Yes the user can do damage.
- He can use any file editor, even Excel, from his PC to download, update,
change, delete unsecured data.
- He can get into spool files from unsecured output queues. We had a user
who complained her check wasn't right. However she was looking at the
spool file and matched the stub for the check after hers with her check.
We promoted her to Director of Personnel. Seriously.
- They can use iNav to do all sorts of fun stuff to unsecured data and
output queues.
Study the concept "Program Only Access". Basically it says the user does
not have authority to the data. Only programs which adopt authority (or
use profile switching) do. Therefore if they do are not running one of
your programs then they can't use the data.
Relying on menu based security died with the S/34 - if not sooner.
By the was FTP does too respect limit capabilities.
CRTUSRPRF USRPRF(DUMMY) LMTCPB(*YES)
ftp mysamesys
quote rcmd crtpf qgpl/bubbarocks rcdlen(10)
550-Error occurred on command crtpf qgpl/bubbarocks rcdlen(10).
550 Error found on CRTPF command..
quote rcmd dspjob output(*print)
250 Command dspjob output(*print) successful.
QUIT
DSPCMD CRTPF
Allow limited user . . . . . . . . . . : *NO
DSPCMD DSPJOB
Allow limited user . . . . . . . . . . : *YES
However, unless you've secured the data, or correctly employ ftp exit
points, then nothing stops the user from GETting data via ftp,
manipulating it, and PUTting it back.
Rob Berendt
midrange.com
