× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. October 2020

Re: File protection basics

Exactly - that's why I gave a +1 to Charles Wilt's reply, as seen below - I probably neglected to say why we called the help desk - it was what we were required to do any time we needed to do just what you describe here, to fix the occasional item. But it was never done without an audit trail.

On 10/2/2020 12:52 PM, Rob Berendt wrote:
Vern,
I don't do a whole lot of end user support these days so it's easier for me to speak in absolutes but I do admit there's times when a programmer has had to go in to fix a few items. A good example might be an order locked flag in a file that did not get cleared when the session ended abnormally.
But willy-nilly use of UPDDTA and stuff has been used in the past too. For fraudulent reasons.

Rob Berendt
-- IBM Certified System Administrator - IBM i 6.1 Group Dekko Dept 1600 Mail to: 7310 Innovation Blvd, Suite 104 Ft. Wayne, IN 46818 Ship to: 7310 Innovation Blvd, Dock 9C Ft. Wayne, IN 46818 http://www.dekko.com -----Original Message----- From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Vernon Hamberg Sent: Friday, October 2, 2020 1:31 PM To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx> Subject: Re: File protection basics CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. +1 At another employer we had to call the help desk, who would record it and give us access to a program we would inherit authority from. I don't remember if we had view authority there. I think view authority - other than things like compensation and other personal data - I think that is usually OK. But not *CHANGE. Vern On 10/2/2020 11:32 AM, Charles Wilt wrote:
While Vern has some good ideas, and I agree that no developer should
regularly be able to make changes in production.. sometimes developer's
need access to production.

In that case, there should be some sort of documented process to allow them
to gain elevated access...preferably one that then logs everything they do
for review.

You could roll your own, but there are third party apps to facilitate this.
https://www.helpsystems.com/products/identification-and-access-management-software-ibm-i

Charles


On Fri, Oct 2, 2020 at 9:02 AM Gad Miron<gadmiron@xxxxxxxxx> wrote:

And while we're grappling with the issue..

How do I strip Programers on our Prod machine of their (*ALLOBJ) Authority
and still let them debug and fix any/all PGMs/Files

TIA
Gad

Then I thought why not create a user profile with no special authorities
and see how it affects me when I use it.
</snip>
That's not a bad plan. Be sure to use that as your primary, until you run
into a road block you have to immediately address and just have to use your
existing profile.

It also might be a good idea to contact a power user you have a good
relationship with (buying a doughnut is a good idea on our side of the
pond) and trying that with them also.

Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 7310 Innovation Blvd, Suite 104
Ft. Wayne, IN 46818
Ship to: 7310 Innovation Blvd, Dock 9C
Ft. Wayne, IN 46818
http://www.dekko.com
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email:MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit:https://lists.midrange.com/mailman/listinfo/midrange-l
or email:MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
athttps://archive.midrange.com/midrange-l.

Please contactsupport@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link:https://amazon.midrange.com

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email:MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit:https://lists.midrange.com/mailman/listinfo/midrange-l
or email:MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
athttps://archive.midrange.com/midrange-l.

Please contactsupport@xxxxxxxxxxxxxxxxxxxx for any subscription related questions.

Help support midrange.com by shopping at amazon.com with our affiliate link:https://amazon.midrange.com
-- This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx To subscribe, unsubscribe, or change list options, visit: https://lists.midrange.com/mailman/listinfo/midrange-l or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx Before posting, please take a moment to review the archives at https://archive.midrange.com/midrange-l. Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related questions. Help support midrange.com by shopping at amazon.com with our affiliate link: https://amazon.midrange.com


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.