RATE THIS ANSWER
+1
Click to Vote:
- 1
0
Last Answered:
Mar 3 2008 5:34 PM GMT
by Bvining
A program, when running, can adopt the authority of the person who created/owns the program. You could signon as someone with *SECADM and then recompile the program specifying *OWNER for the USRPRF parameter. Alternatively you can signon as QSECOFR, or the current owner of the program if they're authorized, and use the CHGPGM command -- again specifying USRPRF(*OWNER).
Bruce Vining
http://www.brucevining.com/ Integrated solutions for the System i user community
AS/400 security, AS/400, AS/400 performance
Hi, I was wondering if it is possible to be able to change the password on another user profile with out having the special authority: *SECADM? The reason i'm asking is because we want our internet help desk clerks to be able to reset passwords for people who have for gotten the passwords on the our iSeries. I've written a program that they can select from a menu that only allows them to reset a users password and reset the status to *ENABLED. But it still requires that anyone changing a password have *SECADM and we don't really want our internet help desk clerks to have *SECADM authority. Is any way that i can just temporarily grant the user that is running the change password program *SECADM authority only while they are runing this program? Please help. 
