|
This is a multi-part message in MIME format. -- [ Picked text/plain from multipart/alternative ] I used EDTOBJAUT per your advice. This seems to match what the security reference says. Why isn't QSECOFR in this list? Is it because it has *ALLOBJ special authority? Maybe I should just create a new PDM option: GRTOBJAUT &N *CMD USER(LTEIT) AUT(*USE) and use it on all command objects in QSYS? (LTEIT is the group profile for admins.) Dan Bale IT - AS/400 Handleman Company 248-362-4400 Ext. 4952 D.Bale@Handleman.com Quiquid latine dictum sit altum viditur. (Whatever is said in Latin seems profound.) -------------------------- Original Message -------------------------- > -----Original Message----- > From: Jim Langston [SMTP:jlangston@celsinc.com] > Sent: Monday, August 20, 2001 6:00 PM > To: security400@midrange.com > Subject: RE: [Security400] "Not authorized to command XXXXXXXX" > > Generally what I do when I come across this type of situation is I > EDTOBJAUT > on the given command and see how they are currently set up. I see on > our > system it is also set up: > > Object > User Group Authority > QSYS *ALL > QSRV *USE > QSRVBAS *USE > QSYSOPR *USE > QPGMR *USE > *PUBLIC *EXCLUDE > > which basically means the system, programmers and the security officer > can > run the command. If I wanted someone else to use this command I would > add > them as *USE. > > EDTOBJAUT is generally the first place I look when securing or > unsecuring > commands. > > Regards, > > Jim Langston > Programmer/Analyst > Cels Enterprises, Inc. > > -----Original Message----- > From: security400-admin@midrange.com > [mailto:security400-admin@midrange.com]On Behalf Of Bale, Dan > Sent: Monday, August 20, 2001 2:40 PM > To: security400@midrange.com > Subject: [Security400] "Not authorized to command XXXXXXXX" > > > <SNIP> > Am I correct that I can give the group profile for admins *USE > authority > to the STRHOSTSVR command to solve our dilemna? Or is there something > else that needs to be done? > > Dan Bale > <SNIP>
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.