× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



Maybe *SAVSYS for users who do restores rather than *ALLOBJ.

https://www.ibm.com/docs/en/i/7.5?topic=information-savsys-special-authority


On Wed, Sep 28, 2022 at 5:53 AM Rob Berendt <rob@xxxxxxxxx> wrote:

I have a "best practices" question when it comes to IBM i 7.5 and BRMS. In
the MTU for 7.5 IBM notes that they changed the *PUBLIC authority for the
BRMS files from *USE to *EXCLUDE. This causes an issue when someone without
*ALLOBJ authority tries to restore using RSTLIBBRM as it cannot read the
files. I noticed this on a 'remote' restore RSTLIBBRM FROMSYS(...). So how
do you resolve this?
1: Have someone with *ALLOBJ do your restores?
2: Submit "idea" to change it back?
3: Change *PUBLIC back to *USE and put that in your IPL program to fix it
after each ptf, release upgrade, etc?
4: Change *PUBLIC from *EXCLUDE to *AUTL and put an authorization list on
it?
5: Write wrapper programs to do restores which adopt authority?
6: Give *ALLOBJ to everyone who does restores?
7: Write the password for QSECOFR on your whiteboard?
I could not find an "idea" which requested that they change the authority.
What problem does it cause to have people read these files with only *USE?
Find what tapes hold certain objects and make sure you grab those tapes too
after you maliciously scrambled the objects?

Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 7310 Innovation Blvd, Suite 104
Ft. Wayne, IN 46818
Ship to: 7310 Innovation Blvd, Dock 9C
Ft. Wayne, IN 46818
http://www.dekko.com

-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Rob
Berendt
Sent: Tuesday, September 27, 2022 11:04 AM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: RE: Has authority changed on QUSRBRM/QA1AAU with 7.5?

My bad:

https://www.ibm.com/docs/en/i/7.5?topic=programs-backup-recovery-media-services-5770-br1
BRMS database
The default for the BRMS shipped database is changing from *PUBLIC *USE
authority to *PUBLIC *EXCLUDE.

Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 7310 Innovation Blvd, Suite 104
Ft. Wayne, IN 46818
Ship to: 7310 Innovation Blvd, Dock 9C
Ft. Wayne, IN 46818
http://www.dekko.com

-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Rob
Berendt
Sent: Tuesday, September 27, 2022 11:00 AM
To: midrange400 midrange400 midrange400 <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: Has authority changed on QUSRBRM/QA1AAU with 7.5?

I'm trying to determine if the authority changed on QUSRBRM/QA1AAU with
the upgrade to IBM i 7.5 or if we had lowered it on IBM i 7.4.
Basically if you do a RSTLIBBRM from a remote system and you do not have
*ALLOBJ it is starting to fail as the file QUSRBRM/QA1AAU is *PUBLIC
*EXCLUDE. I'm trying to determine if it was that way and we simply changed
the authority back when we upgraded to 7.4 or if this is new at 7.5.
So, on your 7.4 systems if you do a DSPOBJAUT OBJ(QUSRBRM/QA1AAU)
OBJTYPE(*FILE) do you *PUBLIC at *USE or *EXCLUDE?

Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 7310 Innovation Blvd, Suite 104
Ft. Wayne, IN 46818
Ship to: 7310 Innovation Blvd, Dock 9C
Ft. Wayne, IN 46818
http://www.dekko.com

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com




As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2023 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.