Security considerations for CPYACTF and RGZACTF - assure_mimix - 10.0

Assure MIMIX Promoter User Guide

Product type: Software
Portfolio: Integrate
Product family: Assure
Product: Assure MIMIX™ Software
Version: 10.0
Language: English
Product name: Assure MIMIX
Topic type: How Do I
Copyright: 2021
First publish date: 1999
Last edition: 2023-08-01
Last publication: 2023-08-01T14:40:24.932940

When the CPYACTF or RGZACTF command is invoked, the command runs under the current job user, which is the user profile used to submit the request. The command calls a program to perform the requested operation. The program runs under the MIMIXOWN user profile, which has *ALLOBJ authority, and adopts authority from MIMIXOWN.

In a MIMIX environment, other MIMIX operations may also directly invoke the program that performs a copy or reorganize operation.

When you submit copy or reorganize requests, consider the following:

  • Does the user profile you will use for submitting copy or reorganize requests have adequate authority?

    If you change the job description, the user profile used to submit requests must have sufficient authority to work with the file and, if needed, to create and delete a journaling environment. For reorganize file requests, the submitting user profile must also have authority to reset object authorities and ownership.

  • Will this user profile have access to products and functions to which it may not otherwise have authorization?

When invoked from the command line or by programs other than MIMIX for a file that has row or column access controlled by enabled permissions or masks, the following occurs:

  • The RGZACTF command will fail.

  • The CPYACTF command will fail when the default value *NO is used for the Allow access control (ALWACCCTL) parameter.

    The ALWACCCTL parameter on the CPYACTF command supports the value *YES, which allows the specified file with permissions or masks to be copied. Be aware that when *YES is specified, the data in the resulting file depends on the access granted to the user profile used to run the command. Data to which the user is not authorized (rows, columns, or data within fields) will not be copied to the resulting file or may have different values (nulls or other values as determined by the administrator who defines access control). Function access is controlled by the administrator for the QIBM_DB_SECADM function of the operating system.
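
The following Python model is an added illustration, not MIMIX or IBM i code. It reproduces the outcomes described above for a file with enabled permissions or masks and adds a reconciliation check that shows what a copy made with *YES lost. The profile names, sample rows, row permission rule and column mask rule are constructed assumptions.

```python
# Added model of the behaviour this topic describes; not MIMIX or IBM i code.
# Profile names, rows, the row permission and the column mask are constructed.

SOURCE = [  # constructed sample file
    {"id": 1, "dept": "HR", "ssn": "111-22-3333"},
    {"id": 2, "dept": "HR", "ssn": "222-33-4444"},
    {"id": 3, "dept": "FIN", "ssn": "333-44-5555"},
]

class CommandFailed(Exception):
    """Stands in for the command ending in error."""

def row_permitted(profile, row):  # hypothetical row permission
    return profile == "SECADMIN" or row["dept"] == "HR"

def mask_ssn(profile, row):  # hypothetical column mask, returns null when denied
    return row["ssn"] if profile == "SECADMIN" else None

def model_copy(rows, profile, alwaccctl="*NO", controls_enabled=True):
    """Copy outcome for a command-line caller, per the ALWACCCTL description."""
    if controls_enabled and alwaccctl != "*YES":
        raise CommandFailed("file has enabled permissions or masks")
    if not controls_enabled:
        return [dict(r) for r in rows]
    # With *YES the result holds only what the running profile is allowed to see.
    return [{**r, "ssn": mask_ssn(profile, r)}
            for r in rows if row_permitted(profile, r)]

def model_reorganize(rows, controls_enabled=True):
    """Reorganize outcome: fails whenever permissions or masks are enabled."""
    if controls_enabled:
        raise CommandFailed("file has enabled permissions or masks")
    return [dict(r) for r in rows]

def reconcile(source, copy, key="id"):
    """Compare a copy with a reference read under a fully authorized profile.
    Returns (keys of missing rows, (key, field) pairs whose value changed)."""
    copied = {r[key]: r for r in copy}
    missing = [r[key] for r in source if r[key] not in copied]
    altered = [(r[key], f) for r in source if r[key] in copied
               for f in r if copied[r[key]][f] != r[f]]
    return missing, altered

if __name__ == "__main__":
    restricted = model_copy(SOURCE, "OPERATOR", alwaccctl="*YES")
    print(reconcile(SOURCE, restricted))
```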