Just a quick note for the list users ...

Occasionally a programmer will use an authorization list as an easy
technique for security control. For example, an exit program may be written
that does a CHKOBJ against an authorization list and decides whether to
authorize or reject access. It is difficult to find these programs in an
application when making the decision about removing what appears to be an
unused authorization list.

Consider using the object audit feature to determine whether the list was
accessed for a period of time before deleting it.

Steve Glanstein
mic@xxxxxxxxx


> -----Original Message-----
> From: CWilt@xxxxxxxxxxxx [mailto:CWilt@xxxxxxxxxxxx]
> Sent: Friday, May 14, 2004 1:18 PM
> To: security400@xxxxxxxxxxxx
> Subject: [Security400] Authorization List question
>
> All,
>
> Just a quick question about authorization lists: is there any way for the
> list to be used without having objects secured by it?
>
> I've got some *AUTL floating around that don't list any objects as being
> secured by them.  I was going to just delete them, but I wanted to make
sure
> there was no possible way they were being used by some process.

It is also possible to check a user against an authority list using:
 CHKOBJ     OBJ(QSYS/&AUTL) OBJTYPE(*AUTL) AUT(*USE)

We've used this in-house for exit point control.  No link shows for OS400,
but the lists end up controlling access.


As an Amazon Associate we earn from qualifying purchases.

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2022 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.