× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. SECURITY400
  3. August 2001

Re: Authority annoyances, continued...

Dan,

I would approach this problem as follows:

Create a user on the system (eg. BACKUPUSER) with no password (password
*NONE). Ensure this user has the required authority to do the back up. A
good way to achieve this is to put the user into the QSECOFR group, make the
group the owner of all objects created by this user.

Create a job description that will be used to submit the back up job to
batch. Ensure that the USER parameter of the job description specifies the
new user (eg. USER(BACKUPUSER)). Any job submited to batch using this job
description will then run under the new user profile.

Create a CL program to submit the backup job and add it to the standard
daily procedures. (eg. Job scheduler, menu system, whatever)

This will solve the authority problem without getting into any complicated
programming routines.

Regards,

Richard J. Serrano
Team Member
Team400 Inc.
2447 W. Beverly Blvd.
Montebello, CA 90640
Tel. 323 838-5859
Fax 323 726-2940
E-mail: rjs@team400.net
Web: www.team400.net

----- Original Message -----
From: "Bale, Dan" <D.Bale@handleman.com>
To: <security400@midrange.com>
Sent: Tuesday, August 21, 2001 8:26 AM
Subject: [Security400] Authority annoyances, continued...


Here's a situation I find myself in on a regular basis.  My current task
has been getting the backups up to snuff.  In my backup app, I am
running commands that require more authorities than what the typical
user has.  I have a five-hour window for my backups.  Five of our
systems are at remote locations.  If the backup app stops for a "user
doesn't have required authority" message that I did not anticipate, I'm
screwed because the nightly FTP of orders from the mainframe can't start
until after the backup finishes.  This has a big impact on our
warehouses when they can't begin processing orders first thing in the
morning.  I've gotten hammered once for this and don't intend to go
through it again.

Thinking this through just a bit...  I wonder if there's a way to "test"
a program object (or its source code?) before executing it to see if a
given user has all the necessary authorities to run it from start to
finish.  Has anybody written this utility?

- Dan

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.