[Info-vax] Restrict the use of SUBMIT/USER= to one particular user.
Valentin Likoum
valentin.likoum at gmail.com
Mon Nov 7 06:12:50 EST 2016
понедельник, 7 ноября 2016 г., 13:52:47 UTC+4 пользователь Joe написал:
> We have a set of application users who submit some application batches on a specific user with the command SUBMIT/USER=APP$MGR. To perform this, the application users are provided with CMKRNL privilege. I notice at times some users use this privilege and submit some jobs under SYSTEM user. What would be the best way to restrict this?
> I'm thinking of a captive menu to get all the required details and validate the user part and then submit in the background, is this a good idea?
> Do we have any other option to restrict this easily?
/* Resent via Google Groups, sorry for possible duplicates - looks like rbsn gate is working in RO mode for me. */
I wrote special program exactly for this purpose. Not a big deal
actually, just a wrapper for sys$sndjbc. It parses cmd string
(qualifiers are the same as for SUBMIT, excluding "/USER" obviously),
checks right of given user to submit given cmd file against config
stored in database and submits it. Program is installed with CMKRNL
privilege, users don't have such dangerous priv. "APP$MGR" can be
hardcoded in program or be taken from logical name or configuration or
somewhere else.
More information about the Info-vax
mailing list