× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. SECURITY400
  3. August 2001

RE: Authority annoyances, continued...

This is a multi-part message in MIME format.
--
[ Picked text/plain from multipart/alternative ]
Hi Anton!  (can't imagine what one could do with "Gombkötö", but maybe
that's a German thing?  Ich spreche Deustch nicht so gut.  I didn't
slaughter that too badly, did I?  <g> )

The CHKOBJ idea:  I might be inclined to use this in a program that
*absolutely* without fail had to finish what it started.  But for the
scenarios I am looking at, I really need to know beforehand that user
ABC can run the program in its entirety before running it.

That's why *I think* I like the USRPRF(*OWNER) approach with programs.
Sure makes it easy as it concerns authorization.  If I can run the whole
program without authority issues, then my worries are over by using
USRPRF(*OWNER).  Rhetorical question: Why not create all applications
this way?  Go ahead, scare me!

Dan Bale
IT - AS/400
Handleman Company
248-362-4400  Ext. 4952
D.Bale@Handleman.com
  Quiquid latine dictum sit altum viditur.
  (Whatever is said in Latin seems profound.)

-------------------------- Original Message --------------------------

> -----Original Message-----
> From: Anton Gombkötö [SMTP:gombkoetoe@assoft.com]
> Sent: Tuesday, August 21, 2001 11:51 AM
> To:   security400@midrange.com
> Subject:      Re: [Security400] Authority annoyances, continued...
>
> --
> [ Picked text/plain from multipart/alternative ]
> Hi Dan!
>
> In those programs, where i need to do something that the average user
> might
> not be entitled and so not be authorized to, i do a
> CHKOBJ OBJ(powercommand) OBJTYPE(*CMD) AUT(*USE)  for all the mighty
> commands first, before i do anything else. All commands, so also those
> running hours later! So if it's going to fail, it fails in the second
> of
> the call, not in the middle of the night. (at least for this reason
> ;-)
>
> In those programs and situations, where it is possible to run programs
> with
> USRPRF(*OWNER) and the owner of the program is a mighty user, i use
> this
> approach. So even an under-privileged user can do things that he isn't
> authorized to. But my program is and he is allowed to run my program.
>
> I think this approach could cure many of your headaches...
>
> (ad Ban Dale: You can't imagine what people do with my surname
> "Gombkötö"....  ;-)
>
> Mit freundlichen Grüssen / best regards
>
> Anton Gombkötö

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.