If memory serves me (and it often doesn't), on the S/38 all new objects were added with *PUBLIC *CHANGE, and later in the S/38 release or early in the /400 release we got the system value QCRTAUT authority so that we could set the default for ourselves. But I'm not sure enough of this to swear to it.... Dave Shaw is hanging around here... Dave do you remember? jte ----- Original Message ----- From: Joe Giusto II (E-mail) <firstname.lastname@example.org> To: <email@example.com> Sent: Thursday, August 23, 2001 6:48 AM Subject: RE: [Security400] Authority annoyances, continued... > If memory serves me correctly, didn't the SYS38 default objects to public > exclude (or maybe it was just use)? I seem to remember always having > trouble with object authority when ever we changed employees. As the new > operator would run jobs during the first week or so, we would have to keep > granting object authority to files as programs blew up. This was of course > before we learned about the group profiles which eliminated that need once > implemented. We granted proper authority to the group profiles and then > just started adding profiles to the group when new person came. > > Joe Giusto II > Programmer/Analyst > Ritz Camera > Beltsville, MD > 301-419-3209 x347 > 410-813-2812 x347 > > -----Original Message----- > From: firstname.lastname@example.org > [mailto:email@example.com] On Behalf Of John Earl > Sent: Wednesday, August 22, 2001 8:04 PM > To: firstname.lastname@example.org > Subject: Re: [Security400] Authority annoyances, continued... > > > <snip> > > Now, we sell exit programs, and make our living (in part) off of this > "hole" that was opened up - but I must insist - please, don't blame > IBM. They didn't do it. The hole was created by us (you and I ) and > all the other developers and (especially) application vendors that > built our systems to rely on "menu security". IBM told us not to do > it. IBM gave us object level security. We just chose not to use. I > agree that the /400 world is in a very messy place with respect to > security, I just don't think you can saddle IBM with the blame. > > <snip> > > jte > > -- > John Earl - VP & CTO > The Powertech Group > 253-872-7788 > email@example.com > www.powertechgroup.com > > > > _______________________________________________ > This is the Security Administration on the AS400 / iSeries (Security400) mailing list > To post a message email: Security400@midrange.com > To subscribe, unsubscribe, or change list options, > visit: http://lists.midrange.com/cgi-bin/listinfo/security400 > or email: Security400firstname.lastname@example.org >
As an Amazon Associate we earn from qualifying purchases.
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.