Environment
NetIQ Security Solutions for iSeries 8.1
PSSecure
Remote Request Management (RRM)
Situation
RRM is swapping Robot's user back.
RRM unexpectedly swaps back from Robot's user profile to the end user's profile, causing access failures.
Resolution
Either create two User/Server overrides. Note that User/Server overrides do not log the incoming transactions in RRM.
Op  User      Server   Action
    RBTUSER   DBINIT   *TRUSTED
    RBTUSER   DBSQL    *TRUSTED
Or create two Secured Entries that specify the Robot user they are allowed to swap to. Using Secured Entries allows RRM to log the incoming transactions for reporting purposes or collected entry use.
Op  S  User      Network  Operation         Action  Swap Prf
    Y  ENDUSER   *ALL     DBINIT_*ALL_*ALL  *PASS   RBTUSER
    Y  ENDUSER   *ALL     DBSQL_*ALL_*ALL   *PASS   RBTUSER
* Using Secured Entries requires that the exit points QIBM_QZDA_INIT (DBINIT), QIBM_QZDA_SQL1 (DBSQL), and QIBM_QZDA_SQL2 (DBSQL) are in Secured Mode (i.e. SECURED *YES).
Cause
RRM has internal checks to make sure that incoming transactions don't swap to an unauthorized profile in order to prevent privilege elevation attacks.