|
Matthias, In a message dated 97-08-21 10:31:43 EDT, you write: <<snip>> > To change security levels from 20 to 40 I assume it is safer to take it > in steps, first to 30, then to 40. > Would anyone have any hints or tips about going from 20 to 30? Are > there any traps to avoid? > The security reference is a bit vague on the subject. Your first assumption is correct, although I'm sure that you'll hear from others on the subject. When going from 20 to 30, you need to make sure that all of your users for a given application appear under the same group profile ID. You then need to assure that all objects under said application are owned by the group profile that you have just placed all of the users under. Prior to implementing level 40, you need to know your application! Is anything using MI code? Use CHKOBJITG to determine if you have any obvious violators, then remove any MI code (you can replace it w/API's for authorized users, see the "API Reference"). For both levels, use planning, planning, planning. The AS/400 "Security Reference", while incomplete, offers several "first strike" suggestions for analyses and changes to be made... JMHO, Dean Asmussen Enterprise Systems Consulting, Inc. Fuquay-Varina, NC USA E-Mail: DAsmussen@AOL.COM "A problem is a chance for you to do your best." -- Anonymous +--- | This is the Midrange System Mailing List! | To submit a new message, send your mail to "MIDRANGE-L@midrange.com". | To unsubscribe from this list send email to MAJORDOMO@midrange.com | and specify 'unsubscribe MIDRANGE-L' in the body of your message. | Questions should be directed to the list owner/operator: david@midrange.com +---
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.