


You can take out ALL the guess work. The operating system has support to give you the info you need. Authority Collection, you turn it on, and a flight recorder is created that records EVERY object and the Authority needed, and how the user got access to that object. You can do this on a per user basis or by object.

https://www.ibm.com/docs/en/i/7.3?topic=reference-authority-collection

It's also all controllable using Navigator.

Turn it on for the 9 users.. have them run for a day or 2.. and now you can see every object they touched, and what the actual authority need is. Gives you the exact details so you can make the change to remove *ALLOBJ without breaking things.

Thanks Tim

Tim Rowe - timmr@xxxxxxxxxx
STSM – Application Development & Systems Management
IBM i ISV Council
IBM i Development Lab, Rochester MN
507-250-1293

ACS - http://ibm.biz/IBMi_ACS
Navigator - http://ibm.biz/IBMi_Nav4i
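
The collect-then-review procedure described in the message above, as an added example that is not part of the original post or IBM's own code. USER01 and USER02 are placeholder profile names; the STRAUTCOL/ENDAUTCOL parameters and the QSYS2.AUTHORITY_COLLECTION column names follow the IBM documentation linked above as best recalled, so treat them as assumptions and confirm them on your release before running.

```sql
-- 1. Start collecting for one profile (repeat per user). LIBINF(*ALL) is an
--    assumption: it asks for objects in all libraries to be recorded.
CALL QSYS2.QCMDEXC('STRAUTCOL USRPRF(USER01) LIBINF(*ALL)');

-- 2. Let the user work normally for a day or two, then stop the collection.
CALL QSYS2.QCMDEXC('ENDAUTCOL USRPRF(USER01)');

-- 3. List every object the profile reached ONLY because of *ALLOBJ
--    (its own special authority or one inherited from a group profile).
--    These are the accesses that break when *ALLOBJ is removed, and
--    DETAILED_REQUIRED_AUTHORITY is what must be granted instead.
SELECT authorization_name,
       system_object_schema,
       system_object_name,
       system_object_type,
       detailed_required_authority,
       authority_source,
       COUNT(*)             AS checks_recorded,
       MAX(check_timestamp) AS last_seen
  FROM qsys2.authority_collection
 WHERE authorization_name IN ('USER01', 'USER02')   -- placeholder profiles
   AND authority_source LIKE '%*ALLOBJ'
 GROUP BY authorization_name,
          system_object_schema,
          system_object_name,
          system_object_type,
          detailed_required_authority,
          authority_source
 ORDER BY authorization_name,
          system_object_schema,
          system_object_name;

-- 4. Accesses already satisfied some other way (private, group, public,
--    authorization list, adopted authority) are unaffected by the change.
--    Listing the sources confirms nothing else is relying on *ALLOBJ.
SELECT authorization_name,
       authority_source,
       COUNT(*) AS checks_recorded
  FROM qsys2.authority_collection
 WHERE authorization_name IN ('USER01', 'USER02')   -- placeholder profiles
 GROUP BY authorization_name, authority_source
 ORDER BY authorization_name, checks_recorded DESC;
```

An empty result from step 3 after a representative collection period means the profile never actually depended on *ALLOBJ for the work it did while being recorded.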



message: 1
date: Mon, 13 May 2024 14:04:32 +0000 (UTC)
from: "ubelhor@xxxxxxxxxxxxx" <ubelhor@xxxxxxxxxxxxx>
subject: Re: Users with *ALLOBJ

They think that they do because of an application that creates temporary work files that are used by multiple users and also because they need to transfer files from the IBM i to the network or their desktop. Our thought is to work on the access 1 user at a time until we are through the 9 users left with *ALLOBJ. They have a concern if we take the authority away something will be messed up that can't be recreated but think likely once we have success working with getting all working for 1 system user we will have a better idea. We were considering using the security audit journal to gather information but I'm thinking instead we just take away the authority and address as needed.

Regards,
Laura

Laura A. Ubelhor
President
Consultech Services, Inc.
www.consultechservicesinc.com
phone 248-701-7410

On Sunday, May 12, 2024 at 12:19:08 AM EDT, Roger Harman <roger.harman@xxxxxxxxxxx> wrote:

My first thought was... Why do the *users* know, or think they know, that they need *ALLOBJ authority?

That's kind of getting into the weeds for end-users.

Roger Harman
COMMON Certified Application Developer - ILE RPG on IBM i on Power




This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
