Frank,

I tend to agree with this.
I originally wanted to setup some offsite PGMR's
with their own Group ( im at level 40 ), but then i
started getting issues like they didnt have permission
to the debugger, and others that seemed dumb.
Started to get a bit of A PAIN and too hard.

Making their grp QPGMR fixed it, but i would have liked
to go my original way. BUT without obvious pointers, i
havnt got a lot of time to spend on it.


Im settling on your method ( i think..).

Ian.

-----Original Message-----
From: Frank.Kolmann@revlon.com [mailto:Frank.Kolmann@revlon.com]
Sent: Thursday, 20 December 2001 11:14
To: midrange-l@midrange.com
Subject: IBM supplied QPGMR (was Modify SYSVAL QSYSLIBL)

I would suggest that most AS400 shops use the QPGMR profile for programmer
access.  Tailoring user profiles to specific jobs seems to be a headache.
I suppose some people do this, but not many.
We use AS400 security to keep programmers out of production databases
(program and data) but I suggest a a lot of shops do not even do that much.
Is it asking too much for examples of which QPGMR authorities should be
revoked.

As a complete aside I was wondering what Walden was on about re. SEPT.
This is the first I heard about SEPT.
Seems to me that accessing system programs via SEPT completely bypass
AS400 security checking. I am probably wrong.


Frank Kolmann



As an Amazon Associate we earn from qualifying purchases.

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.