DDM vs Object authority

You are on the right track. Authority for data on the target system is determined by the authority given to QUSER. Dave

DDM vs Object authority

David, Isn't that only if the inquiring user profile doesn't exist then it uses QUSER? I know a ICF comm. job starts-up in QCMN with QUSER as the default (unless a communication entry is added), but I thought the person's user profile got pasted as part of the request. John

DDM vs Object authority

Denis, Here's a link you might find helpfull. http://publib.boulder.ibm.com/pubs/h...ne/v4r3eng.htm Search the books for ddm file authority. See chapter 4 of the DDM Management Book. It expands source and target security. John

DDM vs Object authority

thank you

DDM vs Object authority

Ok, I really don't know a lot about this but I did sleep at a Holiday Inn Express last night. The DDM user profile used on the target depends on the device used to connect to the remote system. If this device specifies SECURELOC(*NO), then the default user authorities, typically QUSER on the target system, are used to process the file. If SECURELOC(*YES) is specified then, then the user on the source system must have the same profile on the target system and this user profile is used on the target system - no password necessary. If SECURELOC(*VFYENCPWD) is specified instead, then both the user profile and password on the target system much match those on the source system. By giving QPMGR *ALLOBJ authority, a user logged in directly to the target machine that may not be able to view a sensitive file can now login to the source machine, create a DDM and see the sensitive file on the target machine. You may want to grant *PUBLIC authority of *EXCLUDE to the CRTDDMF command. Chris

DDM vs Object authority

I recently was called in an emergency situation where a client had the same UserIds on two separate boxes, and DDM was failing. Granting QUSER authority did the trick. OTOH situations differ, and you may be correct in many cases. Dave