Rob,
Wasn't one of the new things in 7.4 that you could run an audit (during X
time, say a week) of who did what and what effective permissions they used
in that time? Maybe it's not what you need but it works for downgrading
those who don't really need all that authority...

Best Regards,

Roberto

On Wed, Jul 10, 2019 at 2:34 PM Rob Berendt <rob@xxxxxxxxx> wrote:

The last example was sql also.
However your example does show that authorization_name is the same as the
current_user of the other one and not job_user.
Basically both examples got all the data. But if either example provides
additional columns of interest then pick the desired solution.

Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com


-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of
Bryan Dietz
Sent: Wednesday, July 10, 2019 1:28 PM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: Re: Auditing users with elevated privileges.

CAUTION: This email originated from outside of the organization. Do not
click links or open attachments unless you recognize the sender and know
the content is safe.


or use SQL :-)

SELECT Authorization_Name
,Job_Name
,Subsystem
FROM TABLE (
Qsys2.Active_Job_Info()
) I
WHERE Authorization_Name = 'ROB'
;


Jim Oberholtzer wrote on 7/10/2019 10:07 AM:
Nice, I had not thought of using the user profile lock to see active
jobs.

Thanks for the ideas!


--
Jim Oberholtzer
Agile Technology Architects

-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of
Rob Berendt
Sent: Wednesday, July 10, 2019 8:22 AM
To: Midrange Systems Technical Discussion
<midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: RE: Auditing users with elevated privileges.

I like the audit journal. For this project I can't see anything that
history log brings to the table that I can't get from the audit journal.
Maybe job start and end but I'm not concerned about those as I can use
the ENTRY_TIMESTAMP for what I need.

If I was looking for just active jobs I would look for locks on the
user profile with select job_name from qsys2.object_lock_info where
system_object_name = 'ROB'
and OBJECT_TYPE = '*USRPRF';


Rob Berendt

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at
https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.