Bryan,

Suggest you learn SQL. It is the foundation language for getting at any data
in any relational database management system. This applies to ANY of IBM's
DB2s, goes way beyond the System i5 to ORACLE, SQL/Server and many, many, many
more RDBMs. It is MUCH more powerful and universal than CL and is a lot
easier to use and more universal than RPG (unless you have template programs
already built) for presenting data on the screen or as a report.

Sincerely,

David Odom

"Burns, Bryan" <Bryan_Burns@xxxxxxxxxxxx> 6/13/2007 07:24 >>>
Well, I anticipated locks so I did the GRTOBJAUT on a Sunday when users aren't
on the system and it actually worked better than I thought it would have
(Authority given to 5886, not given to 49). The joblog shows some items
couldn't be granted authority because they were "in use" (locks). I suspect
that's why 49 items were not given the authority.
So some way or another, I'll figure out how to add authority to the 49 items.
But what about the future? How can I ensure new items are given a *USE for
user ODBCUSER? Change SYSVAL QCRTAUT?

Don't know SQL but maybe I should learn it before I tackle more in-depth CL or
basic RPG?

Thanks,
Bryan

-----Original Message-----
From: security400-bounces@xxxxxxxxxxxx
[mailto:security400-bounces@xxxxxxxxxxxx]On Behalf Of Turnidge, Dave
Sent: Wednesday, June 13, 2007 8:57 AM
To: Security Administration on the AS400 / iSeries
Subject: Re: [Security400] Private authority report


I want to repeat an earlier comment about "locks". If you have objects
that are in use when you do your GRTOBJAUT, the command will fail on
those objects. Therefore, you need to schedule that action.

Do you know how to use SQL? If so, you could dump your information to
temporary files and examine them without having to do any "programming."


Object level security takes some level of organization, but is well
worth the effort - especially when compared with the alternative...

Dave

-----Original Message-----
From: security400-bounces@xxxxxxxxxxxx
[mailto:security400-bounces@xxxxxxxxxxxx] On Behalf Of Burns, Bryan
Sent: Tuesday, June 12, 2007 3:40 PM
To: Security Administration on the AS400 / iSeries
Subject: Re: [Security400] Private authority report

John,
I did that by searching for "in use" but would have to search 49 times.
And I only got a job log because I had time to request one while it the
GRTOBJAUT was running. Hate to think where I'd be without a joblog.
I'd also hate to implement object level security if it's so difficult to
get such a list.
Bryan

-----Original Message-----
From: security400-bounces@xxxxxxxxxxxx
[mailto:security400-bounces@xxxxxxxxxxxx]On Behalf Of John Earl
Sent: Tuesday, June 12, 2007 3:32 PM
To: Security Administration on the AS400 / iSeries
Subject: Re: [Security400] Private authority report


Absent a Vendor provided security tool that will list the authorities of
objects in the library, you can review your joblog to see which items
were not changed.

jte

--
John Earl, VP and Chief Technology Officer
PowerTech: 253-872-7788
Direct: 253-479-1408
Mobile: 206-669-3336
John.Earl@xxxxxxxxxxxxx




Email is an excellent way to communicate material that is not time
sensitive. If your communication is of a more urgent nature, please
call.

===========================
This email message and any attachments are intended only for the use of
the intended recipient named above and may contain information that is
privileged and confidential. If you are not the intended recipient, any
dissemination, distribution, or copying is strictly prohibited. If you
received this email message in error, please immediately notify the
sender by replying to this email message or by telephone and delete the
message from your email system. Thank you.


-----Original Message-----
From:
security400-bounces+john.earl=powertech.com@xxxxxxxxxxxx
[mailto:security400-bounces+john.earl=powertech.com@xxxxxxxxxx
om] On Behalf Of Burns, Bryan
Sent: Tuesday, June 12, 2007 12:36 PM
To: security400@xxxxxxxxxxxx
Subject: [Security400] Private authority report

I performed a GRTOBJAUT OBJ(AMFLIBE/*ALL) OBJTYPE(*FILE)
USER(ODBCUSER) AUT(*USE) and the joblog shows "Authority given to 5886

objects. Not given to 49 objects". How can I get a list of just the
49 files in library AMFLIBE that weren't given authority?

The files for most of the 5886 objects that were given authority look
like this:

User Authority
*PUBLIC *CHANGE
AMAPICS *ALL
ODBCUSER *USE

I need a list of just the 49 files in library AMFLIBE in which
ODBCUSER has no private authority.

Bryan Burns
IBM Certified Specialist - iSeries System Command Operations
V5R2 M.I.S. Department ECHO, Incorporated www.echo-usa.com

_______________________________________________
This is the Security Administration on the AS400 / iSeries
(Security400) mailing list To post a message email:
Security400@xxxxxxxxxxxx To subscribe, unsubscribe, or change list
options,
visit: http://lists.midrange.com/mailman/listinfo/security400
or email: Security400-request@xxxxxxxxxxxx Before posting, please take

a moment to review the archives at
http://archive.midrange.com/security400.





As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2022 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.