Tweet
I've been given the task of bettering our security on query. Some one in the history of the company I work for chose to tighten security on qurey by changing the user's group profile so as not to allow access to certain files. Plus it changes the RUNPTY to a lower priority so if they try to run the query interactivly it wont bring the system to it's knees. My problems are: 1) if they are still in query and jump to another session and then submit a batch job that tries to clear a work file, they error out with not having proper authority to clear the file. 2) Iteractively they move from screen to screen very slowly because of the lower RUNPTY. But we don't want them to run big queries interactively. Any ideas on how to better this, or at least do it a differant way. Thanks a ton. Mark
-
-
Query Security
1) if they are still in query and jump to another session and then submit a batch job that tries to clear a work file, they error out with not having proper authority to clear the file. Reply: I do not understand this error. Authority? or File Lock? 2) Iteractively they move from screen to screen very slowly because of the lower RUNPTY. But we don't want them to run big queries interactively Reply: You can change the command RUNQRY to not be allowed interactively "CHGCMD CMD(RUNQRY) ALLOW(*BMOD *BREXX *BPGM *EXEC *BATCH)". This will stop anyone from doing a RUNQRY from an interactive session. This will also disallow anyone from using F5 from witin WRKQRY as well. Good Luck. -
Query Security
"Reply: I do not understand this error. Authority? or File Lock?" Sorry I don't have the exact error message number on hand but it is authority not file lock.Comment
Comment