Manage Learn to apply best practices and optimize your operations.

Securing third-party libraries

I am trying to secure several third-party libraries so only certain user profiles can access them. The owner is QSECOFR and *PUBLIC is set to *EXCLUDE. I have a validation list set for these libraries with the user profiles needing access. When I sign on as a user who is not in the access list and is *USER, I can still do a runqry to access the files in these libraries. When I check the object authority for the library using that profile, it lists *ADOPT *ALL. What am I missing? Does the runqry command use adopted authority? I still want certain users to be able to use runqry, just not with these libraries.

Because you see *ADOPT *ALL when you do a DSPOBJAUT (Display Object Authority), that means that some program adopts and is still in the call stack. I'm going to guess it's the user's initial program or one (or more) of the application programs. To determine which program, add *PGMADP to the QAUDLVL system value and try doing the RUNQRY. There should be an audit entry generated that will tell you which program's adopted authority was used to access the libraries.

================================== MORE INFORMATION ON THIS TOPIC ==================================

The Best Web Links: tips, tutorials and more.

Search400's targeted search engine: Get relevant information on security.

Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.

Check out this Search400.com Featured Topic: Top ten security tips

Dig Deeper on iSeries system and application security

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.