Q: The users on my system are members of a group profile that is the owner of production files. The application package requires that users be members of the group profile that owns the production files. The users are limited to menus, and the application limits what users can do, so this has not been a security exposure.
I want to allow some users to analyze production data using Query/400 on the production files. I am concerned that the outfile option of Query/400 could be used to modify the production files. Is there a way that I can block the outfile capability?
A: I am not aware of any method to block the outfile capability, but I do have an alternative solution that gives the users read-only access while running a query.
Your concern that users can modify the production files in a query is justified. If users have *CHANGE authority to a file, they can use the outfile feature of Query/400 to modify the production files.
I am aware of a case where production data was accidently destroyed. A user wanted to create a modified version of production data in an outfile but specified the production master file by mistake and wrote data over the production files.
If users are allowed to define queries using the Work With Queries (WRKQRY) command, they should not be a member of the group profile that owns the production files or has *CHANGE authority to production files. One solution would be to give the users a second user profile that would be used for their query work. This is not convenient for the users because they would be required to sign-on with a second profile.
You can dynamically change a group profile with the Set Group Profile (SETGRPPRF) command presented in the "Dynamic Change of Group Profile," MC, May 1994. However, if you want to change the group profile back to what it was prior to running the SETGRPPRF command, you have to specify the old group profile name.
I have enhanced the SETGRPPRF command to allow you to easily reset the group profile back to what is was. With the new version, you simply specify *RESET for the group profile (GRPPRF) parameter of the SETGRPPRF command.
When users select the option to define a query, change the user's group profile to one that has read-only access. Here are the steps you need to follow:
1. Create another user profile. I called it GRPPRDUSE (Group Production Use). Give the GRPPRDUSE profile *USE authority to the production files.
2. Prior to allowing users to define a query, change their group profile to GRPPRDUSE with the SETGRPPRF command. 1 shows the CL commands that can be executed when users select a menu option to initiate the query.
2. Prior to allowing users to define a query, change their group profile to GRPPRDUSE with the SETGRPPRF command. Figure 1 shows the CL commands that can be executed when users select a menu option to initiate the query.
When the user exits from the query, change the group profile back to the production group profile. This is done using the *RESET option of the SETGRPPRF command (see 1).
When the user exits from the query, change the group profile back to the production group profile. This is done using the *RESET option of the SETGRPPRF command (see Figure 1).
2 contains the enhanced SETGRPPRF command source and 3 contains the Command Processing Program (CPP) program to dynamically change a group profile (GRP004CL). The additions for *RESET are shaded.
Figure 2 contains the enhanced SETGRPPRF command source and Figure 3 contains the Command Processing Program (CPP) program to dynamically change a group profile (GRP004CL). The additions for *RESET are shaded.
V3R1 will allow multiple supplemental group profiles to be assigned to a user profile so the dynamic change of group profiles will not be required to give users access. For more information, look for my article on V3R1 security enhancements in an upcoming issue of MC. The dynamic change of profiles will still be useful when you want to restrict users' access in special cases as illustrated by this question.
Security Patrol: Security Questions & Answers
Figure 1 Starting Query Using a Group Profile with *USE Aut
. . SETGRPPRF GRPPRF(GRPPRDUSE) WRKQRY SETGRPPRF GRPPRF(*RESET) . . .
Security Patrol: Security Questions & Answers
Figure 2 The SETGRPPRF Command Source
/*===============================================================*/ /* To compile: */ /* */ /* CRTCMD CMD(XXX/SETGRPPRF) PGM(XXX/GRP004CL) + */ /* SRCFILE(XXX/QCMDSRC) */ /* */ /*===============================================================*/ SETGRPPRF: CMD PROMPT('Set Group Profile') PARM KWD(GRPPRF) TYPE(*NAME) LEN(10) DFT(' ') + SPCVAL((*RESET)) PROMPT('Group profile')
Security Patrol: Security Questions & Answers
Figure 3 Command Processing Program GRP004CL
/*==================================================================*/ /* To compile: */ /* */ /* CRTCLPGM PGM(XXX/GRP004CL) SRCFILE(XXX/QCLSRC) + */ /* USRPRF(*OWNER) */ /* */ /*==================================================================*/ GRP004CL: + PGM PARM(&NEWGROUP) DCL VAR(&NEWGROUP) TYPE(*CHAR) LEN(10) DCL VAR(&OLDGROUP) TYPE(*CHAR) LEN(10) DCL VAR(&USER) TYPE(*CHAR) LEN(10) DCL VAR(&HANDLE) TYPE(*CHAR) LEN(12) DCL VAR(&ERRORSW) TYPE(*LGL) DCL VAR(&MSGID) TYPE(*CHAR) LEN(7) DCL VAR(&MSG) TYPE(*CHAR) LEN(512) DCL VAR(&MSGDTA) TYPE(*CHAR) LEN(512) DCL VAR(&MSGF) TYPE(*CHAR) LEN(10) DCL VAR(&MSGFLIB) TYPE(*CHAR) LEN(10) DCL VAR(&KEYVAR) TYPE(*CHAR) LEN(4) DCL VAR(&KEYVAR2) TYPE(*CHAR) LEN(4) DCL VAR(&RTNTYPE) TYPE(*CHAR) LEN(2) MONMSG MSGID(CPF0000) EXEC(GOTO CMDLBL(STDERR1)) RTVJOBA USER(&USER) IF COND(&NEWGROUP = '*RESET') THEN(DO) CALL PGM(QSYGETPH) PARM(&USER '*NOPWD' &HANDLE) CALL PGM(QWTSETP) PARM(&HANDLE) CALL PGM(QSYRLSPH) PARM(&HANDLE) RMVMSG CLEAR(*ALL) GOTO CMDLBL(ENDPGM) ENDDO ELSE CMD(DO) RTVUSRPRF USRPRF(&USER) GRPPRF(&OLDGROUP) CHGUSRPRF USRPRF(&USER) GRPPRF(&NEWGROUP) IF COND(&OLDGROUP *NE '*NONE') THEN(DO) GRTOBJAUT OBJ(QSYS/&OLDGROUP) OBJTYPE(*USRPRF) USER(&USER) + AUT(*OBJOPR *OBJMGT *READ *DLT *UPD *ADD) ENDDO CALL PGM(QSYGETPH) PARM(&USER '*NOPWD' &HANDLE) CALL PGM(QWTSETP) PARM(&HANDLE) CALL PGM(QSYRLSPH) PARM(&HANDLE) CHGUSRPRF USRPRF(&USER) GRPPRF(&OLDGROUP) GRTOBJAUT OBJ(QSYS/&NEWGROUP) OBJTYPE(*USRPRF) USER(&USER) + AUT(*OBJOPR *OBJMGT *READ *DLT *UPD *ADD) RMVMSG CLEAR(*ALL) GOTO CMDLBL(ENDPGM) ENDDO STDERR1: + /* Standard error handling routine */ IF COND(&ERRORSW) THEN(SNDPGMMSG MSGID(CPF9999) MSGF(QCPFMSG) + MSGTYPE(*ESCAPE)) CHGVAR VAR(&ERRORSW) VALUE('1') /* Set to fail on error */ RCVMSG MSGTYPE(*EXCP) RMV(*NO) KEYVAR(&KEYVAR) STDERR2: + RCVMSG MSGTYPE(*PRV) MSGKEY(&KEYVAR) RMV(*NO) KEYVAR(&KEYVAR2) + MSG(&MSG) MSGDTA(&MSGDTA) MSGID(&MSGID) RTNTYPE(&RTNTYPE) + MSGF(&MSGF) SNDMSGFLIB(&MSGFLIB) IF COND(&RTNTYPE *NE '02') THEN(GOTO CMDLBL(STDERR3)) IF COND(&MSGID *NE ' ') THEN(SNDPGMMSG MSGID(&MSGID) + MSGF(&MSGFLIB/&MSGF) MSGDTA(&MSGDTA) MSGTYPE(*DIAG)) IF COND(&MSGID *EQ ' ') THEN(SNDPGMMSG MSG(&MSG) MSGTYPE(*DIAG)) RMVMSG MSGKEY(&KEYVAR2) STDERR3: + RCVMSG MSGKEY(&KEYVAR) MSGDTA(&MSGDTA) MSGID(&MSGID) MSGF(&MSGF) + SNDMSGFLIB(&MSGFLIB) SNDPGMMSG MSGID(&MSGID) MSGF(&MSGFLIB/&MSGF) MSGDTA(&MSGDTA) + MSGTYPE(*ESCAPE) ENDPGM: + ENDPGM
LATEST COMMENTS
MC Press Online