Comments on: as400security administrator http://itknowledgeexchange.techtarget.com/itanswers/as400security-administrator/ Fri, 24 May 2013 19:50:07 +0000 hourly 1 By: tomliotta http://itknowledgeexchange.techtarget.com/itanswers/as400security-administrator/#comment-69125 tomliotta Fri, 16 Oct 2009 01:35:27 +0000 #comment-69125 One minor note… Once *SECADM is available to your new security administrator, that administrator can create as many profiles as he/she wants. Those new profiles do not need to be created with any group membership. However, that administrator cannot give those new profiles authorities that the administrator does not have.

The administrator doesn’t need to be a member of any group. The administrator only must have at least *CHANGE authority to a group profile before the new profile can be given membership into the group by the administrator. By granting the administrator authority to multiple group profiles, new users can be given membership into any of them.

If the administrator is made a member of a group, the authorities of that group become available to the administrator. Note that a group profile does not have to have *CHANGE authority to itself. (Which may seem strange, and it can have unexpected effects.)

Tom

]]> By: dand http://itknowledgeexchange.techtarget.com/itanswers/as400security-administrator/#comment-64992 dand Tue, 30 Jun 2009 18:18:24 +0000 #comment-64992 You can give admin profile *SECADM but do not give it *ALLOBJ and you can restrict that user from libraries. Put the profile in a group that is *exclude to those libs or where it doesn’t have authority and *PUBLIC is *exclude to the libraries and objects in them. I reccomend using authorization list on the libs and objects and having lib/object owners different for each application or in your case, geographical area. If your admin profile doesn’t have *ALLOBJ it will only be able to create profiles for users in the same group that it is in or that it has authority to. Make sure it is only authorized to the group for the region you want it to admin by making sure all other profiles and libs are *PUBLIC *EXCLUDE.

]]> By: nikolai1960 http://itknowledgeexchange.techtarget.com/itanswers/as400security-administrator/#comment-64908 nikolai1960 Sun, 28 Jun 2009 15:48:02 +0000 #comment-64908 dear sir

thanks a lot, what i need to do is to create a user profile who will only create,copy and delete
user profiles for a select group of users and have access to only a list of libraries with no
no authority to other libraries and other users in the system.

Basically we wanty to create a regional user profile for that area users only

Can you please let me know

thanks

]]>