DSPJOBLOG - unsecure

I guess we attack the problem from the other end. Application jobs donot run under profiles that have *ALLOBJ authority. Our data security people have a problem with any application either inhouse of 3rd party that wants to run using a user profile that has *ALLOBJ authority. There are very few exceptions, and these are in the area of systems jobs (such as data mirroring, message monitoring). Where a job needs to run a step that requires greater authority then the job uses adopted authority to achieve this level of security. David

DSPJOBLOG - unsecure

You can write a CL pgm that can be prompted to input the job name, user, and number just like the normal DSPJOB command. when you compile this cl pgm have it adopt the qsecofr authority. Then just have the users use this command to display the job log of any job with *allobj authority. PGM PARM(&JOB &OUTPUT &OUTFIL &OUTMBR) DCL VAR(&JOB) TYPE(*CHAR) LEN(26) DCL VAR(&OUTPUT) TYPE(*CHAR) LEN(8) DCL VAR(&OUTFIL) TYPE(*CHAR) LEN(20) DCL VAR(&OUTMBR) TYPE(*CHAR) LEN(18) DCL VAR(&JOBNAM) TYPE(*CHAR) LEN(10) DCL VAR(&JOBUSR) TYPE(*CHAR) LEN(10) DCL VAR(&JOBNUM) TYPE(*CHAR) LEN(6) DCL VAR(&DUMMYF) TYPE(*CHAR) LEN(20) DCL VAR(&DUMMYM) TYPE(*CHAR) LEN(18) DCL VAR(&MSGID) TYPE(*CHAR) LEN(7) DCL VAR(&MSGDTA) TYPE(*CHAR) LEN(132) DCL VAR(&MSGF) TYPE(*CHAR) LEN(10) DCL VAR(&MSGFLIB) TYPE(*CHAR) LEN(10) MONMSG MSGID(CPF0000) EXEC(GOTO CMDLBL(CMDERR)) /* SUB-STRING "JOB" TO FIND JOB NAME, USER, AND NUMBER */ CHGVAR VAR(&JOBNAM) VALUE(%SST(&JOB 1 10)) CHGVAR VAR(&JOBUSR) VALUE(%SST(&JOB 11 10)) CHGVAR VAR(&JOBNUM) VALUE(%SST(&JOB 21 6)) CHGVAR VAR(&DUMMYF) VALUE(&OUTFIL) MONMSG MSGID(MCH0000) CHGVAR VAR(&DUMMYM) VALUE(&OUTMBR) MONMSG MSGID(MCH0000) DSPJOBLOG JOB(&JOBNUM/&JOBUSR/&JOBNAM) OUTPUT(&OUTPUT) GOTO CMDLBL(ENDPGM) CMDERR: RCVMSG MSGDTA(&MSGDTA) MSGID(&MSGID) MSGF(&MSGF) + MSGFLIB(&MSGFLIB) IF COND(&MSGID *EQ ' ') THEN(GOTO CMDLBL(ENDPGM)) SNDPGMMSG MSGID(&MSGID) MSGF(&MSGFLIB/&MSGF) + MSGDTA(&MSGDTA) MSGTYPE(*DIAG) GOTO CMDLBL(CMDERR) ENDPGM: ENDPGM