I have been asked to secure a completely open system to the users for SOX and just good security practice. I have created a program to call the menu command with a profile with *ALLOBJ authority and specified *OWNER to adopt authority so we can take *ALLOBJ away from users so they only have the access through the menu system and no command line access.
This system was developed years ago with the IBM APD (application program development) which layers the applications with a detailed front end menu and security system.
When we test the access, we get 3 layers down and try to get to another program and it fails with a CPF4101 cannot find file. When we look at the joblog, it shows an authorization error on the file and then tries to find the file in QTEMP and aborts with an RPG1216. When we are at that point, we look at the authorization for the file and we see the normal authorization with one added authorization *ADOPT with User Defined and all object authority except for operational because the *PUBLIC already has *CHANGE authority.
It looks to me like the added adopted authority should allow this file to be opened, but we still get the CPF2189 - Not Authorized to Object xxx in yyy Type *FILE.
Any ideas why this is not working?