I made a personal menu that only allows the commands I add to it,  Its easily modified and easily personalized.

Personal menu <http://www.martinvt.com/SQL_-simple-/SQL_Personal_Menu/sql_personal_menu.html>

It may do what you want to do?


On 9/22/2017 7:57 PM, midrange wrote:
They need to view users, libraries, jobs, job description etc.
Menu options only, no cmd line.
Still need a very restricted profile so that if they use your client (like
Client Access or ACS, or attempt and odbc/jdbc access with a win client is
read only .

They should be telling you (in detail) what they want

1. USERS - a list of users with their special authorities - clp with
DSPUSRPRF to outfile and then query the file to paper (or pdf)

2. Libraries - DSPLIB command with a prompt of the library name and the
output either * or *PRINT (and if you know how to turn reports to pdf and
deliver or ask the list for ideas - we have no idea whats on your system..

3. JOBS - scheduled jobs? - list out the scheduler or is this a snapshot of
WRKACTJOB (*PRINT)

4. Job Descriptions - DSPJOBD JOBD(QPGMR) OUTPUT(*PRINT)
Do a wrkobj *all/*all *jobd to get your list of job d's - see the jobd's in
the dspusrprf to see what you are using...

5. etc - you get the idea

Only menu options of what they asked for
No command line
Expect this to be an iterative process - they ask and you provide (within
reason). Then they ask for more.
Make sure you and your management are in sync of when to ever push back on
something that sounds unreasonable.

There are some reports on GO SECURITY menu - but they should never have
access - and you should be careful as well - options that might disable
accounts in use...

Oh yes... 99. SIGNOFF

Jim Franz



-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Jerry
Draper
Sent: Friday, September 22, 2017 5:54 PM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
Subject: Re: auditor access

We propose to create an "auditor" menu.

Suggestions for commands to include on the menu?

Thanks,

Jerry

On 9/20/2017 1:52 PM, Jerry Draper wrote:
Our IBM I system environment is undergoing an external audit.

How can we provide read-only access for the auditor (i.e., with no
ability to execute change, add, or modify)

They need to view users, libraries, jobs, job description etc.

Thanks,

Jerry


--
Jerry Draper, Trilobyte Software Systems, since 1976 IBMi, Network, and
Connectivity Specialists, LAN/WAN/VPN Representing WinTronix, Synapse, HiT,
and others .....
(415) 457-3431 opt-1 . www.trilosoft.com

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe,
or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related questions.

Help support midrange.com by shopping at amazon.com with our affiliate link:
http://amzn.to/2dEadiD



As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.