|
All, Is there any way to prevent a user profile from using *PUBLIC authority? Here's the scenario, I've got a user profile set up for JDBC use from a external web server. All I want this profile do be able to do is call stored procedures it is specifically authorized to. Basically, I'm concerned about *PUBLIC being expand from just "regular" users, ie. company employees, to the entire world; or at least those non employees who have logons for the web server or more worrisome, hackers that manage to breach the web server (Windows based, not by my choice ;-) I've thought of two ways to handle this. 1) a. Create a group profile for all my "regular" users. b. Grant the group profile the same authority that *PUBLIC currently has for each & every object c. change *PUBLIC to *EXCLUDE for every object 2) a. Grant *EXCLUDE authority to every object for this user profile (or better yet a new group profile of which this profile will be a member) Don't forget that when I say "every object" I'm talking about IFS files and directories too. Couple of problems: 1) Making sure new objects on the system get the correct authorities. 2) I'd imagine that there are IBM objects I shouldn't set *EXCLUDE What I'd really like is to be able to do a CHGUSRPRF USEPUBLIC(*NO). But that parm doesn't exist <grin> So how do you handle this? Thanks, Charles Wilt iSeries Systems Administrator / Developer Mitsubishi Electric Automotive America ph: 513-573-4343 fax: 513-398-1121
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
