1.  Home
  2. MIDRANGE-L
  3. March 2006

RE: RE: RE: RE: Special authority use ... Auditing

midrange-l-request@xxxxxxxxxxxx wrote:

>   7. RE: RE: RE: Special authority use ... Auditing (M. Lazarus)
>
>  Doesn't saving objects to a *SAVF require *SAVSYS authority?  Of 
>course, the application can adopt the authority, but please correct 
>me if I'm wrong about the former.

Mark:

I haven't explicitly tested for a long time, though it'd be easy enough. The 
Help for SAVOBJ indicates *SAVSYS is not required as long as you have 
appropriate authority for the SAVF and the objects saved including libraries.

Tom

>At 3/26/06 09:47 PM, you wrote:
>>
>>While saving data is a perfectly reasonable operation within an 
>>application, I'm not clear why it would require *SAVSYS for the 
>>application user. *SAVSYS reaches far beyond any application to 
>>objects that a user should not be saving. And certainly not restoring.
>>
>>A general rule might be stated as "He who can save an object, can 
>>restore the object." That can be a very real risk when some system 
>>objects are included.
>>
>>Tom Liotta
>>
>>midrange-l-request@xxxxxxxxxxxx wrote:
>>
>> >   7. RE: RE: Special authority use ... Auditing (M. Lazarus)
>> >
>> >  I have developed an application that allows users to save subsets
>> >of data into *SAVFs and restore them on demand.
>> >
>> >At 3/24/06 07:35 PM, you wrote:
>> >>midrange-l-request@xxxxxxxxxxxx wrote:
>> >>
>> >> >   8. RE: Special authority use ... Auditing (Graap, Ken)
>> >> >
>> >> >The question I'm trying to answer now is "Why do regular application
>> >> >uses require *SAVSYS authority?" None of the developers in my shop can
>> >> >answer that question. I need to understand that before I remove this
>> >> >special authority from the application's group profile. I was hoping
>> >> >that I could get information from the audit journal regarding this. It
>> >> >looks like it isn't going to be that easy. I'll probably end up
>> >> >recommending that we make the change, see what "breaks" and then address
>> >> >each situation as it comes up.
>> >>
>> >>
>> >>I'd expect that to be the best course to take. I'm having a very
>> >>hard time grasping why any application users would ever need
>> >>*SAVSYS. If something breaks, then that something needs to be fixed
>> >>-- and _not_ by granting *SAVSYS.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.