• The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
Menu
  • The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
  • Stopping User from Using the System Request Menu

    March 19, 2008 Hey, Joe

    We have some users who misuse the System Request menu by locking critical records and then transferring to an alternate job. They also sometimes use System Request-2 to cancel their previous requests when they should let those requests run straight through to completion. We’d like to restrict access to the System Request menu just for those users. How can I lock them out?

    –Bert

    There have always been some security and processing issues with allowing everyone to access the System i and AS/400 System Request menu. System Request menu access can be abused and some people need to be kept out. The good news is that it is relatively easy and painless to lock out one, two, or even all *PUBLIC users from accessing the menu.

    The key to locking out System Request menu users lies in knowing that the menu uses a Panel Group (*PNLGRP) object called QGMNSYSR that resides in library QGPL. QGMNSYSR is critical to accessing the System Request menu and if a user doesn’t have authority to that object, he won’t be able to access the menu. By default, the *PUBLIC user has *USE authority to QGMNSYSR, which means that everyone can usually get to the menu. (The *PUBLIC user is a catch-all designation that tells the system what access users can get if they are not explicitly authorized to the object.)

    If you want to limit QGMNSYSR access for just one user, you can do it by changing QGMNSYSR’s authority list to exclude that user from accessing the object. To remove a user’s authority to QGMNSYSR, run the following Grant Object Authority command (GRTOBJAUT).

    GRTOBJAUT OBJ(QSYS/QGMNSYSR)
              OBJTYPE(*PNLGRP) 
    		USER(User_Name) AUT(*EXCLUDE)
    

    This adds an exclusion entry for the user to QGMNSYSR’s authority list. You could also use the Edit Object Authority (EDTOBJAUT) command to add exclusion entries. To do this, run EDTOBJAUT like this:

    EDTOBJAUT OBJ(QSYS/QGMNSYSR) OBJTYPE(*PNLGRP)
    

    From the Edit Object Authority screen that appears, press the F6 key, Add New Users, to add an *EXCLUDE authority entry for the user.

    Both techniques perform the same function. After running these commands, the object’s authority list would look like this.

    User        Group       Authority   
    *PUBLIC                 *USE        
    User_name               *EXCLUDE        
    QSYS                    *ALL        
    

    And whenever your locked out user tries to access the System Request menu, he will get the following error message:

    CPD2317 - No authority to use system request functions.
    

    The nice thing about this technique is that you can easily add *EXCLUDE entries for individual users, users belonging to certain group profiles, or for all users who are specifically listed in an authorization list object (object type *AUTL). It’s also a simple matter to exclude all *PUBLIC users from the System Request menu by running the following GRTOBJAUT command.

    GRTOBJAUT OBJ(QSYS/QGMNSYSR) OBJTYPE(*PNLGRP) USER(*PUBLIC) AUT(*EXCLUDE)
    

    Adding this entry stops all *PUBLIC users from accessing the System Request menu. By restricting *PUBLIC users, you can completely lock down the menu to unauthorized usage. The nice thing is that if you do restrict *PUBLIC access to the menu, you can always let specific users back in by explicitly giving them access to QGMNSYSR. This can be done by running the following GRTOBJAUT command.

    GRTOBJAUT OBJ(QSYS/QGMNSYSR) OBJTYPE(*PNLGRP) USER(User_name) AUT(*USE)
    

    So it’s a relatively easy process to restrict and grant access to the System Request menu. It’s just a matter of knowing which command to use.

    Additional Information From a Previous Article

    Regarding my article on Configuring Messaging Software for Overnight Monitoring, Kurt Thomas of CCSS wrote in to remind me that Bytware and Help/Systems aren’t the only ones offering monitoring and paging software for the System i:

    I work for CCSS, and our QSystems Management line of products allows you to use the methodology you described. QRemote Control allows you to send out SMS messages directly [to the user], using a small GSM device. It also allows you to not only receive messages from the system, but to actively request information about the system; and to use escalations for structured notifications.

    Kurt’s point is well taken and when searching for System i software products, you should always check out the full range of vendors who offer those products.

    –Joe

    RELATED STORY

    Configuring Messaging Software for Overnight Monitoring



                         Post this story to del.icio.us
                   Post this story to Digg
        Post this story to Slashdot

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Tags:

    Sponsored by
    Chilli IT

    Chilli is one of the UKs leading IBM support and management providers with 20 years’ experience in the power and storage industry. Our bespoke solutions for maintenance, security and infrastructure delivers a service which is cost effective, increases productivity and enhances efficiency. Our ethical approach and unrivalled knowledge has secured business partnerships with blue-chip companies in the technology, retail, banking and travel sectors.

    As an IBM Business Partner, we provide you with the peace of mind that you are working in partnership with a company accredited to the highest standard. Our team of experts have worked together for many years and deliver projects which include consolidation, High Availability, Operating System upgrades; and backup and recovery installations.

    Contact us to see how we can help your business with IBM support and management.

    www.chilli-it.co.uk

    info@chilli–it.co.uk

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Sponsored Links

    COMMON:  Join us at the annual 2008 conference, March 30 - April 3, in Nashville, Tennessee
    LANSA:  It's Time for 4 days of education at the LANSA User Conference, May 4 – 7, in Orlando
    MoshiMoshi:  An Interactive Experience for the System i Community. Coming March 30.

    IT Jungle Store Top Book Picks

    Easy Steps to Internet Programming for AS/400, iSeries, and System i: List Price, $49.95
    Getting Started with PHP for i5/OS: List Price, $59.95
    The System i RPG & RPG IV Tutorial and Lab Exercises: List Price, $59.95
    The System i Pocket RPG & RPG IV Guide: List Price, $69.95
    The iSeries Pocket Database Guide: List Price, $59.00
    The iSeries Pocket Developers' Guide: List Price, $59.00
    The iSeries Pocket SQL Guide: List Price, $59.00
    The iSeries Pocket Query Guide: List Price, $49.00
    The iSeries Pocket WebFacing Primer: List Price, $39.00
    Migrating to WebSphere Express for iSeries: List Price, $49.00
    iSeries Express Web Implementer's Guide: List Price, $59.00
    Getting Started with WebSphere Development Studio for iSeries: List Price, $79.95
    Getting Started With WebSphere Development Studio Client for iSeries: List Price, $89.00
    Getting Started with WebSphere Express for iSeries: List Price, $49.00
    WebFacing Application Design and Development Guide: List Price, $55.00
    Can the AS/400 Survive IBM?: List Price, $49.00
    The All-Everything Machine: List Price, $29.95
    Chip Wars: List Price, $29.95

    Gumbo Creates Digitally Signed PDFs from i5/OS Spool Files Recession Alert: IBM Gooses System i Maintenance Prices

    Leave a Reply Cancel reply

Volume 8, Volume 11 -- March 19, 2008
THIS ISSUE SPONSORED BY:

Help/Systems
Guild Companies
WorksRight Software

Table of Contents

  • Grouping a Union
  • Remember the Allocation
  • Stopping User from Using the System Request Menu

Content archive

  • The Four Hundred
  • Four Hundred Stuff
  • Four Hundred Guru

Recent Posts

  • IBM i 7.3 TR12: The Non-TR Tech Refresh
  • IBM i Integration Elevates Operational Query and Analytics
  • Simplified IBM i Stack Bundling Ahead Of Subscription Pricing
  • More Price Hikes From IBM, Now For High End Storage
  • Big Blue Readies Power10 And IBM i 7.5 Training for Partners
  • IBM Delivers More Out-of-the-Box Security with IBM i 7.5
  • Groundhog Day For Malware
  • IBM i Community Reacts to IBM i 7.5
  • Four Hundred Monitor, May 11
  • IBM i PTF Guide, Volume 24, Number 19

Subscribe

To get news from IT Jungle sent to your inbox every week, subscribe to our newsletter.

Pages

  • About Us
  • Contact
  • Contributors
  • Four Hundred Monitor
  • IBM i PTF Guide
  • Media Kit
  • Subscribe

Search

Copyright © 2022 IT Jungle

loading Cancel
Post was not sent - check your email addresses!
Email check failed, please try again
Sorry, your blog cannot share posts by email.