Frank Swarbrick wrote:
> [...]
> So the question is, should I as an applications developer have access to
> STGADMIN.ADR.COPY.FLASHCPY? Obviously it would help me in this case, but
> would it also allow me to do things that I probably should not be able to do?

I would ask: Is there any reason to avoid flashcopy when using DSS COPY?
It's good that we have control over it; it's (I presume) bad that
someone at your shop denied it. I didn't write "intentionally", because
it was likely done unconsciously - just protecting everything without
understanding the purpose of a given resource.

BTW: ADRDSSU profiles are an example of good design.
All the features are divided into two categories: "safe" and "powerful".
Safe features are those which do not bypass standard rules. Powerful ones can
bypass security checks (ADMIN keyword). Safe resources are available by
default (no profile = ACCESS ALLOWED). Powerful ones require explicit
authorization (no profile = ACCESS DENIED).

Of course YMMV and sometimes a "safe" resource should be protected. Maybe
(I doubt it) flashcopy is denied to avoid performance problems.

--
Radoslaw Skorupka
Lodz, Poland