We have an administrator here that we are trying to limit access on and I wanted to know if anyone else has solved this issue. I spoke with IBM and we have restricted the access to ADDUSRPRF and DLTUSRPRF commands and we have also restricted access to certain user profiles like QSECOFR and QSYSOPR. The problem is that this user needs to be able to re-enable user profiles as part of his on-call duties. The IBM technician said that there might be a way to further limit him with a CL program. Has anyone else been able to figure this out?? Thanks!!