This sounds pretty scary. I've known about adopted authority since the
early days of the AS/400, but profile switching is news to me.
Am I reading this right? Joe User can sign on with his profile, use some
magic command, and he can become QSECOFR? With no trace back to Joe
User's profile?
It's not all that scary. You could potentially do that if you knew the
password, but then you could log on as qsecofr anyway. The concern, as I see
it, is that in order to swap profiles without knowing the password (which
is desirable for programmatic use), you need to have *USE authority to the
user profile. That can cause some security exposure unless it's handled
very intelligently. I really don't think profile swapping is more dangerous
than adopting authority. The issues are a little more subtle perhaps, but
not all that different. I think if you're going to be using profile
swapping, the swapped-to profile should not have more authority than the
user. It should just have one specific capability that's needed for a
particular job step. Once that part of the job is done, the original user
should be restored. If the need for profile swapping is security related,
maybe the program that does the swap needs to run with adopted authority.
Oh, what tangled webs we weave...
Pete Hall
http://www.pbhall.us
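The pattern Pete describes (swap to a profile that carries only the one capability a job step needs, then put the original user back) looks roughly like this in CL. This is an added illustration, not code from the thread; the service profile SVCPRF and the program APPLIB/RESTRICTED are hypothetical, and it assumes the calling user has been granted *USE authority to SVCPRF (which is exactly the exposure the reply warns about) and that a handle for the caller's own profile can be obtained with *CURRENT and *NOPWD.

```cl
/* Added example: run one job step under a restricted service profile   */
/* (SVCPRF, hypothetical) and restore the original user afterwards.      */
/* QSYGETPH with *NOPWD needs *USE authority to the target profile.      */
PGM
  DCL VAR(&ORIGHDL) TYPE(*CHAR) LEN(12)          /* handle: original user  */
  DCL VAR(&SVCHDL)  TYPE(*CHAR) LEN(12)          /* handle: SVCPRF         */
  DCL VAR(&SWAPPED) TYPE(*LGL)  VALUE('0')
  /* Bytes provided = 0 means the APIs signal exceptions instead of      */
  /* filling in an error structure, so MONMSG catches every failure.      */
  DCL VAR(&ERRCODE) TYPE(*CHAR) LEN(8) VALUE(X'0000000000000000')

  /* Any unexpected failure goes straight to the restore logic. */
  MONMSG MSGID(CPF0000) EXEC(GOTO CMDLBL(CLEANUP))

  /* Handle for the user who started the job (assumption: *CURRENT with  */
  /* *NOPWD is accepted for the caller's own profile).                     */
  CALL PGM(QSYS/QSYGETPH) PARM('*CURRENT' '*NOPWD' &ORIGHDL &ERRCODE)

  /* Handle for the service profile. No password is supplied; this is     */
  /* where *USE authority to SVCPRF is required.                           */
  CALL PGM(QSYS/QSYGETPH) PARM('SVCPRF' '*NOPWD' &SVCHDL &ERRCODE)

  /* Switch the job's current user to SVCPRF for one step only. */
  CALL PGM(QSYS/QWTSETP) PARM(&SVCHDL &ERRCODE)
  CHGVAR VAR(&SWAPPED) VALUE('1')

  /* The single job step that needs SVCPRF's capability (hypothetical). */
  CALL PGM(APPLIB/RESTRICTED)

CLEANUP:
  /* Put the original user back before anything else runs in this job.   */
  /* &SWAPPED is cleared first so a failure here cannot loop back.        */
  IF COND(&SWAPPED) THEN(DO)
    CHGVAR VAR(&SWAPPED) VALUE('0')
    CALL PGM(QSYS/QWTSETP) PARM(&ORIGHDL &ERRCODE)
    MONMSG MSGID(CPF0000) EXEC(SNDPGMMSG MSGID(CPF9898) MSGF(QCPFMSG) +
      MSGDTA('Could not restore original user profile') MSGTYPE(*ESCAPE))
  ENDDO

  /* Release both handles so they cannot be reused later in the job.      */
  /* Local MONMSGs ignore release errors for a handle never obtained.     */
  CALL PGM(QSYS/QSYRLSPH) PARM(&SVCHDL &ERRCODE)
  MONMSG MSGID(CPF0000)
  CALL PGM(QSYS/QSYRLSPH) PARM(&ORIGHDL &ERRCODE)
  MONMSG MSGID(CPF0000)
ENDPGM
```

Two design points follow from the reply. First, the job's qualified job name still carries the sign-on user, so the swap is not invisible; only the current user changes for the duration of the step. Second, rather than granting every caller *USE to SVCPRF, the program that performs the swap can itself be compiled to adopt its owner's authority, so that the *USE authority lives with the swapping program and not with each user, which is the combination of adoption and swapping the reply suggests.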
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page.