× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. SECURITY400
  3. August 2001

RE: Authority annoyances, continued...

This is a multi-part message in MIME format.
--
[ Picked text/plain from multipart/alternative ]
Um, wait, I'm getting lost here.  Was it me you were responding to?
(Not too many Dan's on the list, so I'm assuming.)

Are you differentiating an adopted authority program from an adopted
authority routine?  If so, how are they different?

Dan Bale
IT - AS/400
Handleman Company
248-362-4400  Ext. 4952
D.Bale@Handleman.com

> -----Original Message-----
> From: John Earl [SMTP:johnearl@powertechgroup.com]
> Sent: Wednesday, August 22, 2001 8:40 PM
> To:   security400@midrange.com
> Subject:      Re: [Security400] Authority annoyances, continued...
>
> Dan,
>
> I agree with the poster who asked why this was different/better than
> just creating an adopted authority program.  It can be significantly
> less secure than an adopted authority routine.
>
> > Create a user on the system (eg. BACKUPUSER) with no password
> (password
> > *NONE). Ensure this user has the required authority to do the back
> up. A
> > good way to achieve this is to put the user into the QSECOFR group,
> make the
> > group the owner of all objects created by this user.
> >
> > Create a job description that will be used to submit the back up job
> to
> > batch. Ensure that the USER parameter of the job description
> specifies the
> > new user (eg. USER(BACKUPUSER)). Any job submited to batch using
> this job
> > description will then run under the new user profile.
>
> This last line may be much truer than you wish.  On a security level
> 30 machine, this JOBD would be usable by any user, for any purpose
> they desire, unless you specifically restrict access to the JOBD.
>
> If you choose this route, please be sure to secure the JOBD to *PUBLIC
> *EXCLUDE and then specifically give the user who will be submitting
> this job *USE authority to the JOBD.  This will prevent other users
> from misappropriating this JOBD.
>
> It may not prevent the original user from mis-using this JOBD though.
> Once you give them authority to use the JOBD, it may be difficult or
> impossible to control what they use the JOBD for.
>
> An adopted authority routine that does a very specific thing, and
> adopts the necessary authority for a finite period of time can provide
> a much more secure route to your destination..
>
> jte
>
>
> --
> John Earl - VP & CTO
> The Powertech Group
> 253-872-7788
> johnearl@powertechgroup.com
> www.powertechgroup.com

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.