I want to repeat an earlier comment about "locks". If you have objects
that are in use when you do your GRTOBJAUT, the command will fail on
those objects. Therefore, you need to schedule that action.

Do you know how to use SQL? If so, you could dump your information to
temporary files and examine them without having to do any "programming."


Object level security takes some level of organization, but is well
worth the effort - especially when compared with the alternative...

Dave

-----Original Message-----
From: security400-bounces@xxxxxxxxxxxx
[mailto:security400-bounces@xxxxxxxxxxxx] On Behalf Of Burns, Bryan
Sent: Tuesday, June 12, 2007 3:40 PM
To: Security Administration on the AS400 / iSeries
Subject: Re: [Security400] Private authority report

John,
I did that by searching for "in use" but would have to search 49 times.
And I only got a job log because I had time to request one while it the
GRTOBJAUT was running. Hate to think where I'd be without a joblog.
I'd also hate to implement object level security if it's so difficult to
get such a list.
Bryan

-----Original Message-----
From: security400-bounces@xxxxxxxxxxxx
[mailto:security400-bounces@xxxxxxxxxxxx]On Behalf Of John Earl
Sent: Tuesday, June 12, 2007 3:32 PM
To: Security Administration on the AS400 / iSeries
Subject: Re: [Security400] Private authority report


Absent a Vendor provided security tool that will list the authorities of
objects in the library, you can review your joblog to see which items
were not changed.

jte

--
John Earl, VP and Chief Technology Officer
PowerTech: 253-872-7788
Direct: 253-479-1408
Mobile: 206-669-3336
John.Earl@xxxxxxxxxxxxx




Email is an excellent way to communicate material that is not time
sensitive. If your communication is of a more urgent nature, please
call.

===========================
This email message and any attachments are intended only for the use of
the intended recipient named above and may contain information that is
privileged and confidential. If you are not the intended recipient, any
dissemination, distribution, or copying is strictly prohibited. If you
received this email message in error, please immediately notify the
sender by replying to this email message or by telephone and delete the
message from your email system. Thank you.


-----Original Message-----
From:
security400-bounces+john.earl=powertech.com@xxxxxxxxxxxx
[mailto:security400-bounces+john.earl=powertech.com@xxxxxxxxxx
om] On Behalf Of Burns, Bryan
Sent: Tuesday, June 12, 2007 12:36 PM
To: security400@xxxxxxxxxxxx
Subject: [Security400] Private authority report

I performed a GRTOBJAUT OBJ(AMFLIBE/*ALL) OBJTYPE(*FILE)
USER(ODBCUSER) AUT(*USE) and the joblog shows "Authority given to 5886

objects. Not given to 49 objects". How can I get a list of just the
49 files in library AMFLIBE that weren't given authority?

The files for most of the 5886 objects that were given authority look
like this:

User Authority
*PUBLIC *CHANGE
AMAPICS *ALL
ODBCUSER *USE

I need a list of just the 49 files in library AMFLIBE in which
ODBCUSER has no private authority.

Bryan Burns
IBM Certified Specialist - iSeries System Command Operations
V5R2 M.I.S. Department ECHO, Incorporated www.echo-usa.com

_______________________________________________
This is the Security Administration on the AS400 / iSeries
(Security400) mailing list To post a message email:
Security400@xxxxxxxxxxxx To subscribe, unsubscribe, or change list
options,
visit: http://lists.midrange.com/mailman/listinfo/security400
or email: Security400-request@xxxxxxxxxxxx Before posting, please take

a moment to review the archives at
http://archive.midrange.com/security400.





As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2022 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.