Adopted Authority
Home > IT Answers > Security > Adopted Authority
rrnmla
0 pts.
0
Q:
Adopted Authority
Security, RPG
I am extemely new to RPG so I am looking for a simple code that uses adopted authority of SECOFR to an operator temporarily simply to enable users. I know that it can be done, but I would like to know the structure of it from and RPG standpoint. Thanks in advance.
ASKED: Mar 23 2005  2:00 PM GMT
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
RELATED QUESTIONS
0
TomLiotta
8025 pts.
0
A:
 RATE THIS ANSWER
0
Click to Vote:
  •   0
  •  0
  • AddThis Social Bookmark Button
After you compile the program with run as *OWNER authority, change the owner to a profile with SECOFR.

================================================================

Place this into a CLLE source member:

 PGM
 
 CHGUSRPRF ??USRPRF()   
           PASSWORD(exppwd)
           PWDEXP(*YES)    
           STATUS(*ENABLED)
 
 RETURN
 ENDPGM


Compile with:

 CRTBNDCL PGM( mylib/mypgm )   
            SRCFILE( mylib/QCLLESRC )
            SRCMBR( mypgm )
            USRPRF(*OWNER)

Grant *PUBLIC *EXCLUDE authority. Grant *USE authority to any profiles you want to run the program.

 CHGOBJOWN OBJ( mylib/mypgm )
           OBJTYPE(*PGM)   
           NEWOWN(QSECOFR)

That will set the owner.

When the program is called, it will prompt to enter the profile being reset. It will then set the password to EXPPWD (or whatever you choose to put there). The password will be expired and the profile will be enabled. When the user signs on, he/she will have to set the temporary expired to a valid password.

Tom
Last Answered: Oct 20 2009  6:41 AM GMT by TomLiotta   8025 pts.
Latest Contributors: StuDog   0 pts.
  •   
0
0
RSS - Discussions Help
Discuss This Answer:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _



_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

kholder   0 pts.  |   Mar 23 2005  2:33PM GMT

Adopted authority is very simple. Make sure the PGM is owned by the profile you wish to adopt authority. Make sure *PUBLIC is EXCLUDE from the PGM object and the user profile(s) that will call the PGM has *USE authority.

CHGOBJOWN OBJ(PRGLIB/MYRPGPGM) OBJTYPE(*PGM) NEWOWN(QSECOFR)

Then CHGPGM to use *OWNER

CHGPGM PGM(PGMLIB/MYRPGPGM) USRPRF(*OWNER)

Not sure you should choose QSECOFR. You might want to setup a user profile that has special authority SECADM and use it instead of QSECOFR. Also turn on auditing for that profile.

o Security administrator authority (*SECADM) to users
who need to create, change, or delete user profiles.

 

kholder   0 pts.  |   Mar 23 2005  2:34PM GMT

Adopted authority is very simple. Make sure the PGM is owned by the profile you wish to adopt authority. Make sure *PUBLIC is EXCLUDE from the PGM object and the user profile(s) that will call the PGM has *USE authority.

CHGOBJOWN OBJ(PRGLIB/MYRPGPGM) OBJTYPE(*PGM) NEWOWN(QSECOFR)

Then CHGPGM to use *OWNER

CHGPGM PGM(PGMLIB/MYRPGPGM) USRPRF(*OWNER)

Not sure you should choose QSECOFR. You might want to setup a user profile that has special authority SECADM and use it instead of QSECOFR. Also turn on auditing for that profile.

o Security administrator authority (*SECADM) to users
who need to create, change, or delete user profiles.

 

TheQuigs   0 pts.  |   Mar 24 2005  8:04AM GMT

Here’s a link to an article by Wayne O. Evans on how to securely do exactly what you want:

 <a href="http://www.itjungle.com/fhg/fhg081804-story02.html" title="http://www.itjungle.com/fhg/fhg081804-story02.html" target="_blank">http://www.itjungle.com/fhg/fhg081804-st…</a>

Wayne Evans is widely recognized as one of (if not the) foremost experts on OS/400 security.

 

nevster   0 pts.  |   Mar 25 2005  2:52AM GMT

From what I understand of your question it seems you want someone to be able to set up and maintain user profiles, passwords,etc. The operator’s profile needs special authority of *SECADM to deal with users although they wont be able to see any profiles created at *SECOFR level.

 
0