1.  Home
  2. MIDRANGE-L
  3. July 2006

Re: Create Table Security

Hmm - the special authorities do not include *ALLOBJ. The user class *SECOFR is 
not the same as QSECOFR profile - it is possible, as here, to limit the special 
authorities even though the user class seems all=powerful. Of course, *ALLOBJ 
is a risky bit of business.

One solution might be not to put anything in a library with the same name as a 
user - is what is triggering all this in the first place.

A big maybe from here, man!!I agree, SQL security gets murky very quickly. 
Under SQL naming there are very different assumptions being made than we are 
used to in library/object land.

Vern

-------------- Original message -------------- 
From: Mark Adkins <adkinsm@xxxxxxxxxx> 


Hey Vern, 

I had the same thought and group AMPGMR already had *ALL authority to user 
profile MARK. We added Security Officer to AMPGMR as shown below and it 
still doesn't work. I also read the authority paragraphs in the sql 
reference before posting, but I got baffled quick... 

Any other ideas? 

User profile . . . . . . . . . . . . . . . : AMPGMR 

User class . . . . . . . . . . . . . . . . : *SECOFR 
Special authority . . . . . . . . . . . . : *JOBCTL 
*SAVSYS 
*SECADM 
*SERVICE 
*SPLCTL 


Object . . . . . . . : MARK Owner . . . . . . . : AMPGMR 
Library . . . . . : QSYS Primary group . . . : *NONE 
Object type . . . . : *LIB ASP device . . . . . : *SYSBAS 

Object secured by authorization list . . . . . . . . . . . . : *NONE 

Object 
User Group Authority 
*PUBLIC *ALL 
*GROUP AMPGMR *ALL 


Object . . . . . . . : MARK Owner . . . . . . . : MARK 
Library . . . . . : QSYS Primary group . . . : *NONE 
Object type . . . . : *USRPRF ASP device . . . . . : *SYSBAS 

Object 
User Group Authority 
*PUBLIC *EXCLUDE 
MARK *ALL 
*GROUP AMPGMR *ALL 
-- 
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list 
To post a message email: MIDRANGE-L@xxxxxxxxxxxx 
To subscribe, unsubscribe, or change list options, 
visit: http://lists.midrange.com/mailman/listinfo/midrange-l 
or email: MIDRANGE-L-request@xxxxxxxxxxxx 
Before posting, please take a moment to review the archives 
at http://archive.midrange.com/midrange-l.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.