as400security administrator

AS/400 administration
AS/400 security
User authority
can i create a security administrator and restrict this to only a selecte group of libraries/user profiles

Answer Wiki

Thanks. We'll let you know when a new response is added.

we can create a profile with no special authority and give him the rights through the group profile(primary and supplymentary groups) based on the activity he needs to perform.

Discuss This Question: 3  Replies

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • Nikolai1960
    dear sir thanks a lot, what i need to do is to create a user profile who will only create,copy and delete user profiles for a select group of users and have access to only a list of libraries with no no authority to other libraries and other users in the system. Basically we wanty to create a regional user profile for that area users only Can you please let me know thanks
    30 pointsBadges:
  • DanD
    You can give admin profile *SECADM but do not give it *ALLOBJ and you can restrict that user from libraries. Put the profile in a group that is *exclude to those libs or where it doesn't have authority and *PUBLIC is *exclude to the libraries and objects in them. I reccomend using authorization list on the libs and objects and having lib/object owners different for each application or in your case, geographical area. If your admin profile doesn't have *ALLOBJ it will only be able to create profiles for users in the same group that it is in or that it has authority to. Make sure it is only authorized to the group for the region you want it to admin by making sure all other profiles and libs are *PUBLIC *EXCLUDE.
    2,865 pointsBadges:
  • TomLiotta
    One minor note... Once *SECADM is available to your new security administrator, that administrator can create as many profiles as he/she wants. Those new profiles do not need to be created with any group membership. However, that administrator cannot give those new profiles authorities that the administrator does not have. The administrator doesn't need to be a member of any group. The administrator only must have at least *CHANGE authority to a group profile before the new profile can be given membership into the group by the administrator. By granting the administrator authority to multiple group profiles, new users can be given membership into any of them. If the administrator is made a member of a group, the authorities of that group become available to the administrator. Note that a group profile does not have to have *CHANGE authority to itself. (Which may seem strange, and it can have unexpected effects.) Tom
    125,585 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.


Share this item with your network: