OS/400 Sensitive Commands

10 pts.
Tags:
ADDAUTLE
AS/400
CHGDTA
CHGUSRPRF
CRTAUTL
CRTUSRPRF
OS/400
1)  How can a user be given the capability to execute the following OS/400 sensitive commands?
ADDAUTLE - Add Authorization List Entry
CHGDTA - Change Database File (using DFU)
CHGUSRPRF - Change User Profile
CRTAUTL - Create Authorization List
CRTUSRPRF - Create User Profile
EDTAUTL - Edit Authorization List
STRDFU - Start DFU
UPDDTA - Updata Data (using DFU)

Answer Wiki

Thanks. We'll let you know when a new response is added.

Everything on the System i is an object, and every object has security built in. You can give a user or a group access to an object via the objects security or authorization list.

Use this command for each object: GRTOBJAUT (Grant Object Authority) Command Description

Link : <a href=”http://publib.boulder.ibm.com/iseries/v5r2/ic2924/index.htm?info/cl/grtobjau.htm”>IBM iSeries Information Center</a>

Of you could give them a higher level of authority. If they are *USER now you might want to upgrade that to *PGMR and see if they can handle that?

What I have done in the past is create a menu and associated CL’s for each command under a user with *ALLOBJ authority. When compiling use USRPRF set to *OWNER, this causes the program to use the adopted authority of the profile that compiled programs. Create a Profile with this Menu set as Initial Menu with Limit capabilitiesset to *YES. Now a User can signon to this menu run the secured commands and not have command line access. Added bonus can set up auditing of that profile to track usage…..Rick

Discuss This Question:  

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following