Re: Remove special authority (Rob Berendt) -- MIDRANGE-L

Good News Everybody!

The new search engine is LIVE!

Please report any problems to david (at) midrange.com.

Subject: Re: Remove special authority (Rob Berendt)
From: Rob Berendt <rob@xxxxxxxxx>
Date: Mon, 24 Sep 2018 11:26:58 -0400
List-archive: <https://archive.midrange.com/midrange-l/>
List-help: <mailto:midrange-l-request@midrange.com?subject=help>
List-id: Midrange Systems Technical Discussion <midrange-l.midrange.com>
List-post: <mailto:midrange-l@midrange.com>
List-subscribe: <https://lists.midrange.com/mailman/listinfo/midrange-l>, <mailto:midrange-l-request@midrange.com?subject=subscribe>
List-unsubscribe: <https://lists.midrange.com/mailman/options/midrange-l>, <mailto:midrange-l-request@midrange.com?subject=unsubscribe>

Actually, IBM provides a standard query for just such a thing.

-- category: IBM i Services
-- description: Security - Review *ALLOBJ users
--
-- Which users have *ALLOBJ authority either directly
-- or via a Group or Supplemental profile?
--
SELECT AUTHORIZATION_NAME, STATUS, NO_PASSWORD_INDICATOR, PREVIOUS_SIGNON,
TEXT_DESCRIPTION
FROM QSYS2.USER_INFO
WHERE SPECIAL_AUTHORITIES LIKE '%*ALLOBJ%' OR AUTHORIZATION_NAME IN
(SELECT USER_PROFILE_NAME
FROM
QSYS2.GROUP_PROFILE_ENTRIES
WHERE GROUP_PROFILE_NAME
IN (SELECT
AUTHORIZATION_NAME
FROM QSYS2.USER_INFO
WHERE
SPECIAL_AUTHORITIES LIKE '%*ALLOBJ%'))
ORDER BY AUTHORIZATION_NAME;

One really needs to toss STRSQL into the ash can and use "Run SQL
Scripts". Then use Edit, Insert from Examples.

Rob Berendt

This mailing list archive is Copyright 1997-2026 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.