AS400 Command Line

365 pts.
Tags:
AS/400 commands
Command line
Is there a way to limit user access? I want to eliminate the capability of entering wrksplf (username) [username][/username]on the command line. Thanks,

Answer Wiki

Thanks. We'll let you know when a new response is added.

Yes, you can do that.
On the USRPRF change LMTCPB(*YES)
Limit Capabilities *YES will not allow entry for commands on the command line.
*
If it is only select commands you want to limit, then you need to CHGOBJAUT for the commands.
*
If it is only selected parms, then you need to create your own version of the commands and modify what can be changed.

========================================================

The question is ambiguous. Are you trying to stop users from accessing their own spooled files? You can’t. Restricting WRKSPLF won’t do it. Are you wanting them not to access spooled files of other users? Then take away *SPLCTL (and perhaps *JOBCTL.)

The problem is that spooled files can be accessed in easy ways outside of WRKSPLF from a command line. Simple example is WRKOUTQ. Or GO MAIN, option 1, option 5. Or a number of other possibilities, not to mention lstsplf.exe and wrksplf.exe in a iSeries Access program directory on a PC. Far too many commands and menus lead to spooled files.

What you have to do is remove the <i>capability</i> to manage spooled files of others.

Tom

Discuss This Question: 2  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • ElTerrifico
    A couple additions to Charlie's excellent answer. Limit capabilities is ignored by the system if the security level is 10, but hopefully that is not the case as that opens up a whole slew of security problems. Also beware that changing the limit capabilities of a user to *YES may have the undesirable side affect of limiting them from other commands and tasks that they already use and need.
    620 pointsBadges:
    report
  • jinteik
    one way to escape from this part is by putting the user to the same group profile which will allow them to use only certain commands... or another way is to give them menu interface which they can only select where they would like to go....if you are using limit capabilities = yes, and you would want them to run certain commands, you have to wrkcmd (type of command) and allow those with menu to access it.
    17,790 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following