RSTOBJ *SAVF authority issue – AS400 – JBA

10 pts.
Tags:
JBA
Restore
RSTOBJ
SAVF
We had weekly job that submits to Batch from our JBA MENUS and the CLP pgm does a rstobj from *SAVF that used to work because the User profile on the external AS400 was the same Userid as the object on our AS400.

They deleted that userid on their system because of SOX requirements and so now it's a different user. To get around this I used my profile and the securiry officer granted me all object authority to get the job done temporarily but we also because of SOX do not want users to have all object authoriyt. Is there another way to restore an object to your system not owned by you or a common user on both systems?



Software/Hardware used:
JBA and CLP with RSTOBJ command - AS400 V5R4

Answer Wiki

Thanks. We'll let you know when a new response is added.

Try the *SAVSYS special authority instead of *ALLOBJ.

*SAVSYS
This user has the authority to save, restore, and free
storage for all objects on the system, with or without
object management authority.

Discuss This Question: 3  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • TomLiotta
    Be aware that *SAVSYS can be as dangerous as *ALLOBJ. Always remember -- "He who can save an object, can restore the object." Sounds innocuous, but there are serious implications for an object-based operating system. Perhaps a simple program that can execute RSTOBJ under USRPRF(*OWNER) where owner has appropriate authority would be sufficient for an auditor? Tom
    125,585 pointsBadges:
    report
  • ten2008
    Hi, can you give me an example for the implications of using *SAVSYS plz. thanks
    1,150 pointsBadges:
    report
  • TomLiotta
    can you give me an example for the implications of using *SAVSYS plz. Not beyond what I've already said except general common knowledge. For example, *SAVSYS allows saving any object on the system. Part of a save specification might include STG(*FREE). The save can be done to a savefile which could then be deleted. Even without normal authority to the object, there are risks. There are more troublesome elements, but... If you and I knew each other for long enough and I felt that there was minimal risk, then I'd probably discuss it in private. But there's no chance of discussion of serious risks on a public forum. Sorry. There is simply no reason to say much except that "special" authorities always involve serious risks. That's why they're "special". Tom
    125,585 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following