RE: Adopted authority vs profile switching

[Ed Fishel <edfishel@xxxxxxxxxx>]

Joe,

>  . . .                          I'm not against swapping (although there
> are some issues with journals).  I'm against users having *USE authority
> to any profile but their own, because THAT, as you point out John, is a
> severe security risk.
>
> So while profile swapping is a quick fix for a number of design issues,
> if implemented incorrectly it's a poor one from a security standpoint.
>
> Joe

I agree with you and with John Earl. It might be useful to point out that
in a well designed application you do not need to give users *USE authority
to another, more powerful, user profile.  A program that adopts its owners
authority will have *USE authority to the owners user profile. So adopted
authority can be used to give a program authority to swap to the user
profile of the owner of the program. This is a useful way to gain authority
to functions of the system that do not support adopted authority.

The combination of adopting and swapping is more tricky to use when the
program is owned by a user profile that has *ALLOBJ special authority and
needs to swap to a less powerful user profile. After the swap the program
will still have all its adopted authority. Fortunately, there are ways to
drop that adopted authority.

A difference between using adopted authority and using swapped user
profiles is that the adopted authority ends when the program ends, while
the swapped user profile stays swapped until it is swapped back. This means
that the programmer that uses swapped user profiles should consider all
possible ways for the program to end, including ENDRQS and sending *ESCAPE
messages.

Ed Fishel,
edfishel@xxxxxxxxxx