On 6/6/2011 8:24 AM, Vern Hamberg wrote:
Hi JoeIt's an IBM-written upgrade script for WebSphere Commerce.
I'm coming in late - and this is in regard to your original thread - you
said IBM, or WebSphere, wanted access to QADBXREF. I hope I didn't miss
something here, so please bear with me. Was this on a support call? Or
was this some application requirement? It all sounds very strange, as
Chuck and others had pointed out.
Another question - you expressed reticence at granting "IBM" (whateverI have no problem giving someone from support access to whatever they
context that comprised) *ALLOBJ - would you have allowed a service tech
that kind of access, or given them the password for QSECOFR?
need to perform their job, and certainly there are times when a support
analyst needs more access than one would normally grant a typical user
(albeit temporary and limited). However, I have real problem with
application software requiring *ALLOBJ or QSECOFR, even if it is IBM.
This is an upgrade, so no, there should not be a requirement for such
high levels of access.
This is interesting - I think the intent of IBM is to limit accessAnd that's my point exactly. If the script developers don't know enough
directly to the various QADB* PFs - to avoid all manner of dangerous
actions, whether intentional or accidental.
to use the correct files, then I most certainly don't want them running
around my system with *ALLOBJ access!