Unauthorized access to information

The example demonstrates the potential risk of unauthorized access to information in the library.

Assume Program A in Figure 1 adopts the authority of USER1, who has *ALL authority to File A. Assume that Program B is called by Program A (adopted authority remains in effect). A knowledgeable user can create a substitute Program B that just calls the command processor. The user will have a command line and complete access to File A.