Q
Manage Learn to apply best practices and optimize your operations.

Giving permission to view production logs

How can I give the programmers access to view production (and in some cases development) job logs without giving them *ALLOBJ authority?

To allow operators or employees who are on-call and need to debug a job that's running under a profile that has *ALLOBJ, create a simple CL program.

PGM
? DSPJOBLOG
ENDPGM

Have that program be owned by a user with *ALLOBJ special authority and then set the user profile parameter of the compiled CL program to be *OWNER (in other words, have the program adopt authority.) This program will prompt the Display Job Log (DSPJOBLOG) command. Restrict this command to only users with the need to see this type of joblog. The user will need the job number, but will be able to view the joblog of the *ALLOBJ user.

==================================
MORE INFORMATION ON THIS TOPIC
==================================

The Best Web Links: tips, tutorials and more.

Search400's targeted search engine: Get relevant information on security.

Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.

Check out this Search400.com Featured Topic: Top ten security tips


This was last published in March 2004

Dig Deeper on iSeries system and application security

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchDataCenter

Close