You can try the following approach.
Where XXX is the OWNER of the object who has authority to execute that command.
Try a simple version like the following:<pre>
dcl &cmd *char 128 value( ‘?sndmsg’ )
call qcmdchk ( &cmd 128 )
sndjrne jrn( QAUDJRN ) type( JC ) entdta( &CMD )
call qcmdexc ( &cmd 128 )
CRTBNDCL PGM( mylib/TSTPMTCL )
SRCFILE( mylib/QCLSRC )
SRCMBR( TSTPMTCL )
DFTACTGRP( *NO )
ACTGRP( *NEW )
USRPRF( *OWNER )
LOG( *YES )
DBGVIEW( *ALL )</pre>
The example uses a SNDMSG command. If you used it, you might replace SNDMSG with CRTCLMOD or CRTBNDCL to compile your programs.
The program will prompt the command that you put in the value for &cmd and let you fill in the parms. It will then log the command in QAUDJRN in a U/JC entry. (Use any two characters that you like. I used JC just because it might mean “journaled command”.) Then it executes the command with whatever parms were filled in by you.
You might want to increase the size of &cmd from 128. And you might want to add error checking too.
Because CRTBNDCL uses USRPRF(*OWNER) when it’s compiled, the program will use the authority of its owner whenever you don’t have sufficient authority — it will ‘adopt’ authority if it’s needed. Note that USEADPAUT() has no reason to be there.
When the program is created, edit the program object authority to change your authority to *USE. Then change the program ownership to some other profile that has authority to commands from which you are excluded. Don’t revoke your authority when ownership is changed.
You will then have the authority to use the program, but you will no longer own it. The owner will have authority to use commands that you don’t have authority to. The program will adopt owner authority when you need it. And it will create an audit trail of the command that you executed under the enhanced authority.
Pretty simple if you look at it, but it contains the basics of everything you need.