|
Dan I'd support what both Bryan and Anton have said so far- it is exactly the approach I took when faced with the same dilemma for a group of hostile third party developers. Of course, they then complained that they wanted to do this from WRKACTJOB - and I wasn't going to re-write that sucker :) The fact that I heard nothing more about it suggests that event though it was a minor inconenience it worked. Cheers Evan Harris >Dan we overcame this for our programming staff by writing our own "DSPJOB" >command. All you nned to do is to have a cl program that accepts the fully >qualified job name and executes the DSPJOB JOB(123456/user/job) OPTION >(*JOBLOG) command. The CL program needs to adopt the autority needed. > > >------------------------- > Bryan Dietz >3X Corporation > > > > > > > "Bale, Dan" > <D.Bale@handleman.co To: > <security400@midrange.com> > m> cc: > Sent by: Subject: RE: > [Security400] DSPJOBLOG needs *JOBCTL authority? > security400-admin@mi > drange.com > > > 09/26/2001 11:42 AM > Please respond to > security400 > > > > > > >This is a multi-part message in MIME format. >-- >[ Picked text/plain from multipart/alternative ] >"fundle"? Uh, Anton, your translator garbled something there. <g> You >know what, though, I think I like that word. "Don't fundle around with >that!" > >Anyway, I concur with what you said about "fiddling" with IBM objects. >Normally I would simply take the approach you suggested, creating a >separate program with parms to call the DSPJOBLOG command with *OWNER >adopted authority yada yada. The problem with that scenario is that the >user was attempting to view the job log of an active job using option 10 >from the "Work with Job" menu. AFAIK, my only hope is to create my own >DSPJOBLOG command that appears higher in the library list than the one >in QSYS. This command's CPP would do the things you suggested and I >presume this would work as a solution. This assumes that option 10 does >not qualify the DSPJOBLOG command (and how would one determine that?) > >But what a mess! Now I have to create a new library that has to be put >above QSYS in the system library list by changing the QSYSLIBL system >value. Our QA & Security Audit teams will have a fun time with that. > >Dan Bale >IT - AS/400 >Handleman Company >248-362-4400 Ext. 4952 >D.Bale@Handleman.com > > > -----Original Message----- > > From: Anton Gombkötö [SMTP:gombkoetoe@assoft.com] > > Sent: Wednesday, September 26, 2001 11:20 AM > > To: security400@midrange.com > > Subject: Re: [Security400] DSPJOBLOG needs *JOBCTL authority? > > > > Dan, > > > > I wouldn't fundle around with IBM's commands or command processing > > programs. > > PTF's could remove your changes easily to mention just one reason. > > > > I'd create a little program with the DSPJOBLOG with the desired parms > > in it > > and change this program to use *OWNER rights. And make a powerful > > enough > > user the owner of it. If you want, you can then set the access rights > > to > > this program to allow only your "system operator-type users" to use > > it. > > > > > > > > Mit freundlichen Grüssen / best regards > > > > Anton Gombkötö > > > > Avenum Technologie GmbH > > Wien - Mattsee - Stuttgart > > e-mail Office : mailto:Anton.Gombkoetoe@avenum.com > > Homepage : http://www.avenum.com > > >_______________________________________________ >This is the Security Administration on the AS400 / iSeries (Security400) >mailing list >To post a message email: Security400@midrange.com >To subscribe, unsubscribe, or change list options, >visit: http://lists.midrange.com/cgi-bin/listinfo/security400 >or email: Security400-request@midrange.com >Before posting, please take a moment to review the archives >at http://archive.midrange.com/security400. > > > > > >_______________________________________________ >This is the Security Administration on the AS400 / iSeries (Security400) >mailing list >To post a message email: Security400@midrange.com >To subscribe, unsubscribe, or change list options, >visit: http://lists.midrange.com/cgi-bin/listinfo/security400 >or email: Security400-request@midrange.com >Before posting, please take a moment to review the archives >at http://archive.midrange.com/security400.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.