Authority to STRSRVJOB Command

The odd thing is that they already have *USE authority to this command via the primary group profile, but the production support folks are grousing that they don't have proper authority. They contend that they need *USE authority to start service jobs to restart the system after abends. They say that Operations temporarily grants them *USE authority, then they start the job, then Operations immediately revokes their authority. A member of my "team" has formally proposed to make a permanent change and grant them *USE authority to the "service job objects". But my team member should have checked existing authority before proposing a change. This all sounds fishy to me. As I said, they already have *USE authority to STRSRVJOB and I am not keen to grant additional authority to it. To me, the vast majority of START or END commands in QSYS should be run by Operations. I am wondering what kind of damage someone could cause by abusing the STRSRVJOB command. What should the command be used for? When? And why?

Authority to STRSRVJOB Command

I think you're right to look a bit deeper into this.

They contend that they need *USE authority to start service jobs to restart the system after abends.

Taken as an isolated statement this doesn't sound right. However, you need to examine what procedures they follow when they have to restart jobs. If they have to take dumps and traces of the problem jobs then this will be their justification. But just to restart jobs, no. Incidentally if you dig a bit deeper you may well find that the dumps and traces are simply "taken" but never looked at, so there may be scope for changing the procedure. STRSRVJOB gives you the ability to run other service commands against a job. These include running traces, taking dumps, and running debug. Specifically the commands that can be run against a job once STRSRVJOB has been run on it, and to which they might also want authority, are DMPJOB, DMPJOBINT, DMPOBJ, DMPSYSOBJ, STRDBG, TRCINT, TRCJOB and TRCICF. The security exposure is that by looking at the internals of a job they could get access to data they might not otherwise be authorised to. For example they might be able to watch the company payslips being printed one by one. To take a more extreme example, using debug they could potentially change fields in a program before they are written to disk potentially changing a supplier's credit limit, the value of an invoice, or just about anything. It's important in these situations to remember that we are not accusing anybody of anything. What we are doing is evaluating risk and managing it. Dave...

Authority to STRSRVJOB Command

Sue Behrens wrote: They contend that they need *USE authority to start service jobs to restart the system after abends Sue, could you explain this in more detail. I think you have a solution wrapped within your problem. Dave

Authority to STRSRVJOB Command

Dave A., What they say cannot be the whole story because they already have *USE authority. I have pressed my team member to do her homework and find out what they are really after. In the meantime, I am looking to find out what this command does and the risk involved if someone abuses it. Users ask for the moon, I don't fault them for that. But the job of Change Management, as Dave Kahn pointed out, is to evaluate and manage risk. I am doing the risk evaluation that my team member should have done before recommending a user initiated change. I cannot find a good explanation of the purpose of this command in IBM documentation, and that's why I posted here. I appreciate your thoughts, and also Dave Kahn's. Thank you!

Authority to STRSRVJOB Command

A group of my users is asking for *USE authority to the Start Service Job (STRSRVJOB) command. Is there any security exposure in letting production support types have authority to run this command? Or should it be limited to Operations?

Authority to STRSRVJOB Command

Susan, The only purpose of the command is to establish remote links to the job so that you can subsequently issue one of the eight commands which Dave K. listed in his post. In generic IBM software, this is the only reason. I suppose it is possible that a third-party software vendor or a technical programmer could construct some additional remote service commands, but it doesn't seem likely. Sounds to me like someone is miscommunicating. Is it at all possible that someone is requesting *service special authority, as opposed to authority to service jobs? Andy