System request menu

A user can use the system request function to suspend the current job and display the System Request Menu. The System Request Menu allows the user to send and display messages, transfer to a second job, or end the current job. This might represent a security exposure because the public authority to the System Request Menu is *USE when a system is shipped.

The simplest way to prevent users from accessing this menu is to restrict authority to the panel group QGMNSYSR:
  • To prevent specific users from seeing the System Request Menu, specify *EXCLUDE authority for those users:
    GRTOBJAUT OBJ(QSYS/QGMNSYSR) +
              OBJTYPE(*PNLGRP)   +
              USER(USERA) AUT(*EXCLUDE)
  • To prevent most users from seeing the System Request Menu, revoke public authority and grant *USE authority to specific users:
    RVKOBJAUT OBJ(QSYS/QGMNSYSR) +
              OBJTYPE(*PNLGRP) +
              USER(*PUBLIC) AUT(*ALL)
    GRTOBJAUT OBJ(QSYS/QGMNSYSR) +
              OBJTYPE(*PNLGRP)   +
              USER(USERA) AUT(*USE)

Some of the actual commands used for the System Request menu come from the CPX2313 message in the QCPFMSG message file. Commands are qualified with a library name from the CPX2373 message. The values in the CPX2373 message for each command are *NLVLIBL or *SYSTEM. Someone might potentially use the Override Message File (OVRMSGF) command to change the commands that the System Request menu options use.

Each time the System Request key is pressed, the system automatically changes the current user profile of the job to the initial user profile of the job. This is done so that the user does not have any additional authority on the System Request menu or in the Presystem Request Program exit program. After the System Request function is completed, the current user profile of the job is returned to the value that it was before the System Request key was pressed.

You can prevent users from selecting specific options from the System Request Menu by restricting the authority to the associated commands. Table 1 shows the commands associated with the menu options:

Table 1. Options and commands for the system request menu
Option Command
1 Transfer Secondary Job (TFRSECJOB)
2 End Request (ENDRQS)
3 Display Job (DSPJOB)
4 Display Message (DSPMSG)
5 Send Message (SNDMSG)
6 Display Message (DSPMSG)
7 Display Workstation User (DSPWSUSR)
10 Start System Request at Previous System (TFRPASTHR). (See note below.)
11 Transfer to previous system (TFRPASTHR). (See note below.)
12 Display 3270 emulation options (See note below.)
13 Start System Request at Home System (TFRPASTHR). (See note below.)
14 Transfer to Home System (TFRPASTHR). (See note below.)
15 Transfer to End System (TFRPASTHR). (See note below.)
80 Disconnect Job (DSCJOB)
90 Sign-Off (SIGNOFF)
Notes:
  1. Options 10, 11, 13, 14, and 15 are displayed only if display station pass-through has been started with the Start Pass-Through (STRPASTHR) command. Option 10, 13, and 14 are only displayed on the target system.
  2. Option 12 is only displayed when 3270 emulation is active.
  3. Some of the options have restrictions for the System/36 environment.
For example, to prevent users from transferring to an alternative interactive job, revoke public authority to the Transfer to Secondary Job (TFRSECJOB) command and grant authority only to specific users:
RVKOBJAUT OBJ(TFRSECJOB) OBJTYPE(*CMD)
          USER(*PUBLIC) AUT(*ALL)
GRTOBJAUT OBJ(TFRSECJOB) OBJTYPE(*CMD)
          USER(USERA) AUT(*USE)

If a user selects an option for which the user does not have authority, a message is displayed.

If you want to prevent users from general use of the commands from the System Request menu but still want them to be able to run a command at a specific time (such as sign-off), you can create a CL program that adopts the authority of an authorized user and runs the command.