I looked at the level of detail provided by the audit journal.
It says that a strsrvjob command was executed on job X by user Y.
As Ed pointed out, you must have *SERVICE in the auditing definitions or
even this information is omitted.
On the other side of the issue, let's see what does *USE authority to user
profiles mean.

a. A user with *ALLOBJ has *USE authority to all user profiles.
b. A user who is the owner of the user profile can grant herself *USE
authority if she does not have it already.
c. A user has automatic *USE to the group profile that she belongs to.
d. QSYSOPR does not need *USE authority.

Considering the common practices in most as400 shops, I would feel much
better if CHGPGMVAR, CHGPTR and their kin were also logged to the audit
journal under some code, or if the database journal had an indication
of being created in a debug session.


As an Amazon Associate we earn from qualifying purchases.

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2021 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.