Home > IT Answers > AS/400 > AS/400 User profile Authority
qmaster
1,635 pts.
 AS/400 User profile Authority
AS/400 user permissions, AS/400 user profiles, V5R3
I want to give the authority to a user to change their password on  their own?to gain that authority what type of option/authority i need to pass?

 

inputs requied.

AS/400, V5R3



Software/Hardware used:
ASKED: July 8, 2010  9:26 PM
UPDATED: July 22, 2010  5:33 AM
RELATED QUESTIONS
Answer Wiki:
i guess my 1st question is do you really want to give them the authority to change their own password. to me that is quite dangerous.. you will need secadm
Last Wiki Answer Submitted:  July 9, 2010  2:32 am  by  jinteik   15,485 pts.
All Answer Wiki Contributors:  jinteik   15,485 pts.
To see all answers submitted to the Answer Wiki: View Answer History.


RSS - Discussions Help
Discuss This Question:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

 

hey Jinteik,

i don’t know in what way it violates system security….(changing their own password)

do we need *secadm authority,by giving this user will get few more authorities..which is not good. i have to give only password change option to the user?

any inputs pls

qmaster
 1,635 pts.
 

I would have thought all you need was authority to the CHGPWD command

Adamwkiuk2002
 215 pts.
 

I suspect that it isn’t the authority to change passwords that is the problem. The problem is that users don’t have access to any of the “change password” options.

For example, they might not have access to a command line. Or if they do, they don’t have capability to run GO USER or CHGPWD. (I have no idea why anyone would be so restrictive, but it’s common enough. Usually there are no reasons behind it. Well, technically, the reason is usually because security was improperly assigned in the past; so the resolution was to lock all users out of everything.)

Allowing access either the the USER menu or the CHGPWD command should be sufficient. The question becomes how to do that, and the answer depends on why users can’t do it now.

Tom

TomLiotta
 107,945 pts.
 

I’m not sure which one is blocking….then what authority will give access to the users to change their password.

qmaster
 1,635 pts.
 

I’m not sure which one is blocking…

  1. Can users access command lines?
  2. If they can, can they run the CHGPWD command?
  3. IF CHGPWD fails, what is the message ID that results from the error?
  4. If CHGPWD fails, can they run the GO USER command?
  5. If GO USER fails, what is the message ID that results from the error?

When we have an answer to some of those questions, we might know enough to answer your questions.

Tom

TomLiotta
 107,945 pts.
 

what authority will give access to the users to change their password.

They should all already have that authority. If they don’t, then someone removed some authority. You will have to tell us what authority was removed. You can do that by trying to answer the questions that have been asked.

Also, it might not be an authority problem. It might be a capability problem. Maybe all you need to do is set ALWLMTUSR( *YES ) on the CHGPWD command.

Tom

TomLiotta
 107,945 pts.
 

pls check ypur password policy & the system values set on your server.

A5
 50 pts.