I was going to stay out of this one.  Now, I've had a nice weekend and I 
am playing a bit of catch up so I don't feel like reviewing to the nth 
degree but this is what we do on SOME of our machines.

CHGSYSVAL QCRTAUT *EXCLUDE.
CRTAUTL MYAUTL
ADDAUTLE MYAUTL  USER(*PUBLIC) AUT(*EXLUDE)
CHGLIB ... CRTAUT(MYAUTL)  any new objects will be created secured with 
that authorization list.
CHGAUT OBJ('/qsys.lib/mylib.lib') AUTL(MYAUTL)
CHGAUT OBJ('/qsys.lib/mylib.lib/*') AUTL(MYAUTL)
CHGAUT OBJ('/qsys.lib/mylib.lib') USER(*PUBLIC) AUTL(MYAUTL)
CHGAUT OBJ('/qsys.lib/mylib.lib/*') USER(*PUBLIC) AUTL(MYAUTL)

A new user on this machine does not even have access to a 5250 session 
until they are added to the proper authorization list.

No, we are not using "application only" access on this machine.  With that 
access the only way to access files is by calling programs that adopt 
authority.  However, we have no user written programs on this machine, nor 
any canned "traditional" packages.  It's all Domino and some ftp exit 
points for our ftp site.  And, some ifs shares set up for our internal 
users to process ftp data.


Rob Berendt
-- 
Group Dekko Services, LLC
Dept 01.073
PO Box 2000
Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2022 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.