Register

Forgot Password

Site FAQ

Home > IT Answers > AS/400 > *ALLOBJ in Operation Navigator

Belden

5 pts.

*ALLOBJ in Operation Navigator

*ALLOBJ, AS/400, Operations Navigator

How can I prevent *ALLOBJ users to access File Systems and Databases in Operation Navigator?

Software/Hardware used:

ASKED: March 5, 2008 8:04 AM

UPDATED: March 5, 2008 1:14 PM

RELATED QUESTIONS

Answer Wiki:

My first thought/question is why a given user has *ALLOBJ special authority when you don't want them to have access to objects on the system. It might be easier to find a way to eliminate the need for this special authority. Operations Navigator Application Administration does provide the ability to customize what a user see on the Navigator interface but, as mentioned in <a href="http://publib.boulder.ibm.com/infocenter/iseries/v5r4/topic/rzaj3/rzaj3security.htm">this Information Center article</a> this does not limit access to the underlying obects, it just limits the interfaces to the objects that the user sees. There are many exit points that can be used to restrict access to objects. The i5/OS servers that support Navigator provide exit program capability so that you could deny requests based on the *USRPRF. But before trying to intercept every possible request from these *ALLOBJ users I would, as mentioned before, first find out why they have *ALLOBJ in the first place and find a method by which we can give them a more appropriate set of object rights. Bruce Vining <a href="http://www.brucevining.com/">http://www.brucevining.com/</a> Integrated solutions for the System i user community

Operations Navigator Application Administration does provide the ability to customize what a user see on the Navigator interface but, as mentioned in <a href="http://publib.boulder.ibm.com/infocenter/iseries/v5r4/topic/rzaj3/rzaj3security.htm">this Information Center article</a> this does not limit access to the underlying obects, it just limits the interfaces to the objects that the user sees.

There are many exit points that can be used to restrict access to objects.  The i5/OS servers that support Navigator provide exit program capability so that you could deny requests based on the *USRPRF.  But before trying to intercept every possible request from these *ALLOBJ users I would, as mentioned before, first find out why they have *ALLOBJ in the first place and find a method by which we can give them a more appropriate set of object rights.

Bruce Vining
<a href="http://www.brucevining.com/">http://www.brucevining.com/</a>
Integrated solutions for the System i user community

Last Wiki Answer Submitted: March 5, 2008 11:20 am by bvining

6,055 pts.

All Answer Wiki Contributors: bvining

6,055 pts.

To see all answers submitted to the Answer Wiki: View Answer History.

RSS - Discussions Help

Discuss This Question:

_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

Ask a Question

Browse IT Answers by Topic

>>VIEW ALL TAGS

Community Blog | About Us | Contact Us | FAQ | Terms of Use | DMCA Policy

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organization's IT projects - with its network of technology-specific Web sites, events and magazines.
All Rights Reserved, Copyright 1999-2013, TechTarget | Read our Privacy Policy
Questions and Answers Index 1 | Questions and Answers Index 2 | IT Topics Index 1 | IT Topics Index 2 | Blogs Index | Blogs Tags