View Full Version : Adopt authority and STRDBG (V4R4)
01-01-1995, 02:00 AM
Can anyone tell me why the IBM STRDBG command does not carry forward adopted authority? That is, if you're in debug and press F21 to bring up the IBM command line window, you loose the adopt authority rights. The security guide confirms this statement but does not tell me why. Is there a way around this problem?
02-25-2000, 03:14 AM
Frank, What you are seeing is a limitation of adopted authority. I believe that service special authority will get you around this limitation, but it is probably not a good idea to grant service authority just to get around this limitation. One alternative to adopted authority is to use primary group authority. With primary group authority you would use the chgobjpgp command specifying the primary group of the person requiring debug capabilities. Adopted authority is becoming less viable as a means of securing a system because of the variety of interfaces available today, primary groups are not as flexible, but they do work more consistently. David Morris
02-25-2000, 03:38 AM
Maybe running debug in another session using STRSRVJOB will get you around the authority problems? Just an idea. I've never tried it. --Mark
02-25-2000, 08:57 AM
A guess is that Debug is treated like an exit point, where there is no adoption of authority. Trigger programs also do not use Adopted authority for the same reason. Paul.
02-25-2000, 09:44 AM
I'm guessing it's a security thing. You can get to a command line from STRDBG, and if the authority is adopted this would create a security breach. --Mark
03-16-2000, 10:56 AM
True but trigger programs CAN be run with adopted authority. Frank
Powered by vBulletin® Version 4.1.5 Copyright © 2013 vBulletin Solutions, Inc. All rights reserved.