Just a quick note for the list users ... Occasionally a programmer will use an authorization list as an easy technique for security control. For example, an exit program may be written that does a CHKOBJ against an authorization list and decides whether to authorize or reject access. It is difficult to find these programs in an application when making the decision about removing what appears to be an unused authorization list. Consider using the object audit feature to determine whether the list was accessed for a period of time before deleting it. Steve Glanstein mic@xxxxxxxxx > -----Original Message----- > From: CWilt@xxxxxxxxxxxx [mailto:CWilt@xxxxxxxxxxxx] > Sent: Friday, May 14, 2004 1:18 PM > To: security400@xxxxxxxxxxxx > Subject: [Security400] Authorization List question > > All, > > Just a quick question about authorization lists: is there any way for the > list to be used without having objects secured by it? > > I've got some *AUTL floating around that don't list any objects as being > secured by them. I was going to just delete them, but I wanted to make sure > there was no possible way they were being used by some process. It is also possible to check a user against an authority list using: CHKOBJ OBJ(QSYS/&AUTL) OBJTYPE(*AUTL) AUT(*USE) We've used this in-house for exit point control. No link shows for OS400, but the lists end up controlling access.
As an Amazon Associate we earn from qualifying purchases.
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.