Tweet
Can anyone tell me why the IBM STRDBG command does not carry forward adopted authority? That is, if you're in debug and press F21 to bring up the IBM command line window, you loose the adopt authority rights. The security guide confirms this statement but does not tell me why. Is there a way around this problem?
-
-
Adopt authority and STRDBG (V4R4)
Frank, What you are seeing is a limitation of adopted authority. I believe that service special authority will get you around this limitation, but it is probably not a good idea to grant service authority just to get around this limitation. One alternative to adopted authority is to use primary group authority. With primary group authority you would use the chgobjpgp command specifying the primary group of the person requiring debug capabilities. Adopted authority is becoming less viable as a means of securing a system because of the variety of interfaces available today, primary groups are not as flexible, but they do work more consistently. David Morris -
Adopt authority and STRDBG (V4R4)
Maybe running debug in another session using STRSRVJOB will get you around the authority problems? Just an idea. I've never tried it. --MarkComment
-
Adopt authority and STRDBG (V4R4)
A guess is that Debug is treated like an exit point, where there is no adoption of authority. Trigger programs also do not use Adopted authority for the same reason. Paul.Comment
-
Adopt authority and STRDBG (V4R4)
I'm guessing it's a security thing. You can get to a command line from STRDBG, and if the authority is adopted this would create a security breach. --MarkComment
-
Adopt authority and STRDBG (V4R4)
True but trigger programs CAN be run with adopted authority. FrankComment
Comment