If memory serves me (and it often doesn't), on the S/38 all new
objects were added with *PUBLIC *CHANGE, and later in the S/38 release
or early in the /400 release we got the system value QCRTAUT authority
so that we could set the default for ourselves.

But I'm not sure enough of this to swear to it.... Dave Shaw is
hanging around here... Dave do you remember?


----- Original Message -----
From: Joe Giusto II (E-mail) <juicenetdps@crosswinds.net>
To: <security400@midrange.com>
Sent: Thursday, August 23, 2001 6:48 AM
Subject: RE: [Security400] Authority annoyances, continued...

> If memory serves me correctly, didn't the SYS38 default objects to
> exclude (or maybe it was just use)?  I seem to remember always
> trouble with object authority when ever we changed employees.  As
the new
> operator would run jobs during the first week or so, we would have
to keep
> granting object authority to files as programs blew up.  This was of
> before we learned about the group profiles which eliminated that
need once
> implemented.  We granted proper authority to the group profiles and
> just started adding profiles to the group when new person came.
> Joe Giusto II
> Programmer/Analyst
> Ritz Camera
> Beltsville, MD
> 301-419-3209 x347
> 410-813-2812 x347
>  -----Original Message-----
> From: security400-admin@midrange.com
> [mailto:security400-admin@midrange.com]  On Behalf Of John Earl
> Sent: Wednesday, August 22, 2001 8:04 PM
> To: security400@midrange.com
> Subject: Re: [Security400] Authority annoyances, continued...
> <snip>
> Now, we sell exit programs, and make our living (in part) off of
> "hole" that was opened up - but I must insist - please, don't blame
> IBM.  They didn't do it.  The hole was created by us (you and I )
> all the other developers and (especially) application vendors that
> built our systems to rely on "menu security".  IBM told us not to do
> it.  IBM gave us object level security.  We just chose not to use.
> agree that the /400 world is in a very messy place with respect to
> security, I just don't think you can saddle IBM with the blame.
> <snip>
> jte
> --
> John Earl - VP & CTO
> The Powertech Group
> 253-872-7788
> johnearl@powertechgroup.com
> www.powertechgroup.com
> _______________________________________________
> This is the Security Administration on the AS400 / iSeries
(Security400) mailing list
> To post a message email: Security400@midrange.com
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/cgi-bin/listinfo/security400
> or email: Security400-request@midrange.com

As an Amazon Associate we earn from qualifying purchases.

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2022 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.