DLTMSGQ Command Security

645 pts.
Tags:
AS/400 security
One of our Operator's was clearing message queues today and instead of clearing, she deleted them. I would like to change the command DLTMSGQ to *PUBLIC *EXCLUDE. Would this adversely affect processes? TIA

Software/Hardware used:
OS/400
ASKED: April 14, 2010  12:51 PM
UPDATED: April 15, 2010  3:38 AM

Answer Wiki

Thanks. We'll let you know when a new response is added.

It would only affect processes that needed to send messages to those message queues and that didn’t have sufficient private or adopted authority. If you can predict or determine everything that will need access in the future, *PUBLIC *EXCLUDE seems viable.

I suspect that that might be difficult.

Further, with *PUBLIC *EXCLUDE, then there won’t be any ‘cleaning’ either… unles alternative authority is available. And if authority is available, then *PUBLIC *EXCLUDE won’t help much.

As a general suggestion, create a profile named maybe LOWAUTH that no added authorities at all. Then create a TESTAUTH message queue, perhaps in QGPL. Sign on as LOWAUTH and see what you can do to TESTAUTH. Can you send to it? Can you read the queue? Can you delete individual messages?

Then use EDTOBJAUT to start removing various object and data authorities. E.g., remove *OBJEXIST from *PUBLIC or remove *DELETE. Can LOWAUTH now delete the queue? …delete messages? …send messages?

A little experimentation is easy and may help put you on solid footing.

Beyond that, why were messages being deleted? Don’t you have standard system CLEANUP options set and running? Maybe that’s where you should start looking. Use GO CLEANUP if you need to review some possibilities.

Tom

Discuss This Question:  

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following