× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. April 2025

Re: List of commands that need special authority.

less brute force.

maybe this will work

https://www.ibm.com/docs/en/i/7.6.0?topic=services-command-info-view

Bryan

Vern Hamberg via MIDRANGE-L wrote on 4/22/2025 4:50 PM:
Hi Mike

How about a couple brute force methods?

1. OCR the Security PDF or pull Table 157. Maybe convert it into a spreadsheet, somehow.



    Authority needed
Command     Referenced object     For object    For library
CRTLINETH     Controller description (NETCTL)     *USE     *EXECUTE

    Line description
    *READ, *ADD

    Network interface description (NWI)     *USE     *EXECUTE

    Network server description (NWS)     *USE     *EXECUTE



2. DSPCMD to get the panel group for its help text
    a. DMPOBJ of the panel group
    b. Parse through the spooled file for parts of words like "estricti"
        i. I know, a tough assignment, right?

*Regards*

*Vern Hamberg*

IBM Champion 2025 <cid:part1.cnpltJqL.rjVbFXHW@centurylink.net> CAAC (COMMON Americas Advisory Council) IBM Influencer 2023

On 4/22/2025 4:03 PM, Smith, Michael via MIDRANGE-L wrote:
Jack,

To me that’s showing a ton of detail how you would have gotten access to run a command, like *USE, *ALLOBJ, or adopted authority.

I initially had a ticket opened with IBM because I couldn’t remember the Authority Collection piece and after going round with them with several emails, we determined that we cannot get the information I’m looking for through that process.

So, while it is valuable to know who has access to run a command like CRTLINETH, you still need a special authority to make it work.   So, I’m looking for a way to get all those commands.  Also helps if someone needs say *IOSYSCFG, to know what other commands (if they have *USE), they could possibly use.



From: Jack Woehr<jack.woehr@xxxxxxxxxxx>
Sent: Tuesday, April 22, 2025 4:46 PM
To: 'midrange-l@xxxxxxxxxxxxxxxxxx'<midrange-l@xxxxxxxxxxxxxxxxxx>
Cc: Smith, Michael<Mike.Smith@xxxxxxxxxxxxxxxxxxxx>
Subject: [EXTERNAL] Re: List of commands that need special authority

Security First: This is an external email. Use caution clicking links or opening attachments.
The answer is 42 🙂 i.e., SQL

See Authority collection views

https://www.ibm.com/docs/en/i/7.5.0?topic=collection-authority-views

Jack Woehr
Independent Consulting Programmer

[icon] 303-847-8442<tel:303-847-8442>

[icon]jack.woehr@xxxxxxxxxxx<mailto:jack.woehr@xxxxxxxxxxx>

[icon]www.procern.com<https://www.procern.com>

[icon] Stay Connected!<https://www.linkedin.com/company/procern- technology-solutions/>
[photo]
Not Just MSP, We Also MSSP.<https://procern.com/cyber-security- managed-services/>

NON-DISCLOSURE NOTICE: This communication including any and all attachments is for the intended recipient(s) only and may contain confidential and privileged information. If you are not the intended recipient of this communication, any disclosure, copying further distribution or use of this communication is prohibited. If you received this communication in error, please contact the sender and delete/destroy all copies of this communication immediately.



________________________________
From: MIDRANGE-L <midrange-l- bounces@xxxxxxxxxxxxxxxxxx<mailto:midrange-l- bounces@xxxxxxxxxxxxxxxxxx>> on behalf of Smith, Michael via MIDRANGE- L <midrange-l@xxxxxxxxxxxxxxxxxx<mailto:midrange-l@xxxxxxxxxxxxxxxxxx>>
Sent: Tuesday, April 22, 2025 14:17
To: 'midrange-l@xxxxxxxxxxxxxxxxxx' <midrange- l@xxxxxxxxxxxxxxxxxx<mailto:midrange-l@xxxxxxxxxxxxxxxxxx>>
Cc: Smith, Michael <Mike.Smith@xxxxxxxxxxxxxxxxxxxx<mailto:Mike.Smith@xxxxxxxxxxxxxxxxxxxx>>
Subject: List of commands that need special authority.

CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.

I’m trying to do some security clean up on several LPARs.  While a needed improvement, the Authority Collection process doesn’t quite get everything that I need.  I wanted to track every command that needs a special authority.  For instance, putting auditing on say, CRTLINEETH command, which needs IOSYSCFG.  I haven’t figured out a way to get a list and there’s no way I will do F1 on all the commands on the system and record if, and what, special authority that a command would need.

Any ideas how to track that down?

As I’ve told the folks that I’ve trained on the iSeries over the years, “F1 and F4 are your friend, use them.”, but not in this case 😊

TIA

Mike.


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.