RE: [Security400] Debug anomaly

["David Morris" <David.Morris@xxxxxxxxxxxxx>]

Gary,

Thanks for responding. I do have a workaround,
which is to press F14 and add the program after
running a simple STRDBG. I do have all of the
rights to the program, source, and library that the
manual says are required via my effective group.
I really just want to understand what is happening.
Effective groups and swaps are not very well
documented, but 99.9% of the time they work the
same as a base profile/group/supplemental group.

The really weird thing to me is that changing the
group of the executing job allows debug. I don't
think I have ever seen a case where authority is
derived from the profile at run time. It is always to
the last swap or signon. I have not changed any
authority whatsoever and I can make it work by
changing the group. That is the second anomaly.
On the other hand, I could have simply missed
that passage in the manual.

Thanks,

David Morris

>>> gary.monnier@powertechgroup.com 03/15/02 05:06PM >>>
David,

Check to see if explicit rights are being granted to the program in
question
through an authorization list.  According to message CPF1910, on
V4R4M0
anyway, you are required to have the following to put a program in
debug.

o *EXECUTE authority to the program's library.
o *CHANGE authority to the program.
o *USE rights if your job has *SERVICE authority.

Authority checking is first done for a user profile, then for group
profile,
and finally for *PUBLIC.  The first instance found is the authority
used by
debug to see if it can be started.  If your user profile is on the
authorization list securing the program with say *USE authority you
cannot
start debug.  Give yourself *CHANGE rights and you should be good to
go.


Gary Monnier
www.powertechgroup.com  garymon@powertechgroup.com
The Powertech Group, Inc.     Seattle, Washington
Where the Security Experts Live!