|
I have a "best practices" question when it comes to IBM i 7.5 and BRMS. In the MTU for 7.5 IBM notes that they changed the *PUBLIC authority for the BRMS files from *USE to *EXCLUDE. This causes an issue when someone without *ALLOBJ authority tries to restore using RSTLIBBRM as it cannot read the files. I noticed this on a 'remote' restore RSTLIBBRM FROMSYS(...). So how do you resolve this?
1: Have someone with *ALLOBJ do your restores?
2: Submit "idea" to change it back?
3: Change *PUBLIC back to *USE and put that in your IPL program to fix it after each ptf, release upgrade, etc?
4: Change *PUBLIC from *EXCLUDE to *AUTL and put an authorization list on it?
5: Write wrapper programs to do restores which adopt authority?
6: Give *ALLOBJ to everyone who does restores?
7: Write the password for QSECOFR on your whiteboard?
I could not find an "idea" which requested that they change the authority.
What problem does it cause to have people read these files with only *USE? Find what tapes hold certain objects and make sure you grab those tapes too after you maliciously scrambled the objects?
Rob Berendt
This mailing list archive is Copyright 1997-2026 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
