Hi Ed,

I saw that however I interpreted it to mean the user inclusive of
authorities gained via the group on both sides of the submit. Where did
you find the reference that says the group profiles are not used when
checking the profile this will run under? Do you have any insight on why
this is the case? 


David Morris

>>> edfishel@xxxxxxxxxx 6/16/2004 7:07:13 AM >>>

David Morris asked:

> Can anyone tell me why authority to a job description used on a
> job cannot be derived from a group profile? It appears that a jobd
> by USERA with a primary group of USERB *USE cannot be submitted by a
> USERC, which has a group profile of USERA. The job description is
> *EXCLUDE. The job description does not have a profile and the
> indicates that USERC must have *USE rights to the job description.

One of the footnotes for the Job description on the SBMJOB command in
Appendix D of the Security Reference manual is: "(9) Both the user
submitting the job and the user profile under which the job will run
checked for authority to the referenced object." When authority of the
submitting the job is checked adopted authority and any authority from
their current group profiles are used. But when the authority of the
profile under which the job will run is checked adopted authority and
authority from their group profiles is not used. So USERC will need
authority to the job description when it is the user profile under
the submitted job will run.

I hope this helps.

Ed Fishel,

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2020 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].