In order to add authority to a profile, your profile must already have that authority. According to the IBM help screen: *SECADM Security administrator authority is given to the user. The user can create, change, or delete user profiles if authorized to the Create User Profile (CRTUSRPRF), Change User Profile (CHGUSRPRF), or Delete User Profile (DLTUSRPRF) commands and is authorized to the user profile. <b>This authority does not allow giving special authorities that this user profile does not have.</b> To give *SECADM special authority to another user, a user must have both *ALLOBJ and *SECADM special authorities. =============================================== Note that the above is true in the context of the "effective" user profile (or current user) for a job. The effective and current users for a job can be changed during run-time. A job user may call a program that <i>supplies</i> an effective user through the mechanism called "adopted authority". This adopted authority remains in effect as long as the program remains in the call stack. (Other programs lower in the call stack may choose not to propagate adopted authority to lower levels though.) Or a job user may call a program that changes the job's current user to a more powerful profile. The current user of a job remains in effect until later calls revert the job back to the job user's authority. (Typically, the programs that switch a new current user in and back out gain the capability through adopted authority.) In short, a low-authority user may be granted the permission to CALL programs that temporarily supply needed authority. Tom

In order to add authority to a profile, your profile must already have that authority. According to the IBM help screen: *SECADM Security administrator authority is given to the user. The user can create, change, or delete user profiles if authorized to the Create User Profile (CRTUSRPRF), Change User Profile (CHGUSRPRF), or Delete User Profile (DLTUSRPRF) commands and is authorized to the user profile. <b>This authority does not allow giving special authorities that this user profile does not have.</b> To give *SECADM special authority to another user, a user must have both *ALLOBJ and *SECADM special authorities. =============================================== Note that the above is true in the context of the "effective" user profile (or current user) for a job. The effective and current users for a job can be changed during run-time. A job user may call a program that <i>supplies</i> an effective user through the mechanism called "adopted authority". This adopted authority remains in effect as long as the program remains in the call stack. (Other programs lower in the call stack may choose not to propagate adopted authority to lower levels though.) Or a job user may call a program that changes the job's current user to a more powerful profile. The current user of a job remains in effect until later calls revert the job back to the job user's authority. (Typically, the programs that switch a new current user in and back out gain the capability through adopted authority.) In short, a low-authority user may be granted the permission to CALL programs that temporarily supply needed authority. Tom