DLTOBJ command restricted

1420 pts.
AS/400 commands
Object authority
in our concern we have restricted the command dltobj? also no user shld not delete any object without confirmation mail from secadmin?but some users delete the objects using the option 4/ how can we find that object and the user who deleted that object?

Answer Wiki

Thanks. We'll let you know when a new response is added.

If you are doing system level journaling. Then you have to check system journal receiver entries via outfile.


Discuss This Question: 5  Replies

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • deepu9321
    How are you restricting user? Is it at command level? DLTOBJ command looks like TAATOOL command. When you are restricting the user from DLTOBJ, When user takes option '4' the corresponding Command will be DLTF(for file), DLTPGM(for Program), You will need to restrict the user from using all these commands. Are you restricting the user without using these commands also? Pradeep.
    4,980 pointsBadges:
  • CharlieBrowne
    With jounaling you would be able to find out who did it, but you would not be able to easily restore the data since the the journal would only contain a single entry that the file was deleted. You would have to RSTOBJ from a backup and then use the Journal to apply all the changes that were done since that backup. Now, regarding restricting a user from deleting an object. You can use standard AS400 Authority to do this. My questions are: What users are working from a cmd line? and what are they doing? What types of files/objects are they deleting? There are many different ways to control this, but without having more knowledge of the problem and the business logic to give users use of a command line, it would be useless to give more suggestions. Point of clarification: When you say users, I am assuming you do not mean develoeprs.
    62,385 pointsBadges:
  • TomLiotta
    DLTOBJ is a i 7.1 command from IBM. It was provided as a generic command to handle many kinds of objects. However, each object has a specific command that works on that kind of object. Further, many objects can be deleted using the IFS form with the DEL command or using Qshell and the rm utility (or using other shells). Objects may even be deleted using Windows Explorer without actually entering any commands at all. The only real way to stop users from deleting files is to remove their authority to delete the files. Use resource security to set your rules. Then your users can run DLTOBJ as often as they want, but those files won't be deleted. If users have the authority to delete an object, then securing a command won't protect that object. It just adds more work for administrators. Tom
    125,585 pointsBadges:
  • Splat
    Tom, I seem to remember that command on the S/38, and a right nuisance it was too. It was replaced with the various object-specific delete commands as it was a bit too indiscriminate for most developers.
    12,915 pointsBadges:
  • The Most-Watched IT Questions: October 4, 2011 - ITKE Community Blog
    [...] 7. Abiha6325, Deepu9321, CharlieBrowne, TomLiotta, and Splat discuss a member’s policy of restricting the DLTOBJ command. [...]
    0 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.


Share this item with your network: