Regards Evan Harris
Is there any way to prevent a user profile from using *PUBLIC authority?
Here's the scenario, I've got a user profile set up for JDBC use from a external web server. All I want this profile do be able to do is call stored procedures it is specifically authorized to.
Basically, I'm concerned about *PUBLIC being expand from just "regular" users, ie. company employees, to the entire world; or at least those non employees who have logons for the web server or more worrisome, hackers that manage to breach the web server (Windows based, not by my choice ;-)
I've thought of two ways to handle this.
1) a. Create a group profile for all my "regular" users.
b. Grant the group profile the same authority that *PUBLIC currently has for each & every object
c. change *PUBLIC to *EXCLUDE for every object
2) a. Grant *EXCLUDE authority to every object for this user profile (or better yet a new group profile of which this profile will be a member)
Don't forget that when I say "every object" I'm talking about IFS files and directories too.
Couple of problems: 1) Making sure new objects on the system get the correct authorities. 2) I'd imagine that there are IBM objects I shouldn't set *EXCLUDE
What I'd really like is to be able to do a CHGUSRPRF USEPUBLIC(*NO). But that parm doesn't exist <grin>
So how do you handle this?
As an Amazon Associate we earn from qualifying purchases.
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.