Change User Profile (CHGUSRPRF)

Tags: AS/400, CHGUSRPRF
I have a project to give the help desk a menu so they can use the CHGUSRPRF command. The problem is that I made a CL program to specify some of the command parameters. This program works well via the command line and via the menu, but when any of the help desk users uses this option in the menu, this message appears: "Not authorized to user profile XXXXX Current values could not be retrieved". After searching the internet I found that I have to give the helpdesk user *SECADM, but it's against our policy, so what can I do? Note: the admin who was here before me has already handled this issue, so the help desk users can change a user profile to enabled or disabled and change the profile TXT without giving them *SECADM!

Discuss This Question: 21  Replies

  • ToddN2000
    They may be able to do it if given *IOSYSCFG authority, but I can't verify due to my restricted authority.
  • osamah
    I tried giving them *IOSYSCFG authority, but it is still not working.
  • pdraebel
    What the message is implying is that there is no authority to the User Profile object. Check the ownership of the user profiles.
    Does your program use "Adopted authority"? Does the program owner have access to the user profile objects?
  • ToddN2000
    What is the help desk trying to change in the user profile? That can cause problems if they make the wrong change. Are they just looking to reset a password? There may be other alternatives to your problem.
  • ToddN2000
    Another possibility may be to create a unique sign on like "HELPDESK". Then add this user to the object authority for the user profiles with the authority you want.
  • osamah

    I created a menu that calls a program to change the user profile.

    The CL code is as follows:

    CHGUSRPRF ??USRPRF(*N) ??PASSWORD(*N) ??PWDEXP(*N) ??STATUS(*N) ??TEXT(*N) ??SUPGRPPRF(*N)

    For the 3 menu objects (*MSGF, *FILE and *MENU) and the PGM, I've edited their authority and added the helpdesk user as *USE.

    Also, I used the CHGPGM command with *OWNER to set the adopted authority, but the message has now changed to "Not authorized to object XXXX in QSYS", where XXXX is a user profile or group profile.

  • ToddN2000
    You need to give authority to the user profile(s) using the GRTOBJAUT command. Add the profile(s) that need to have the ability to change the user profile. You will probably have to do this one time using SECADM to allow the others access.

    GRTOBJAUT OBJ(MYLIBL/MYPROFILE) OBJTYPE(*USRPRF) USER(MENUUSER)
  • philpl1jb

    The person who compiles the CL has proper authority. Change the program to use OWNER authority.

    User profile . . . . . . . . . . *OWNER
    Use adopted authority  . . . . . *YES
  • osamah

    I'm the one who compiled the CL, and I have *ALLOBJ, *IOSYSCFG and *SECADM; also my user class is *SECOFR, so I don't think this is the problem.

    ToddN2000, I can't understand your point. I have a HELPDESK group profile that contains the helpdesk members. Any user of this group can already use the old program via the old menu and change any user profile, but my new user, although he is in the same helpdesk group, can use my new program via the new menu.

    Note: the new user can use the old chgusrprf program via the old menu well.

  • osamah
    can't use*
  • osamah
    can't use my new program via the new menu
  • ToddN2000
    If you do a DSPOBJAUT on your new menu and your new program, what users, groups and authority are displayed?
  • osamah

    The authority on the 3 menu objects is:

    *PUBLIC                   *EXCLUDE
    *GROUP   ADMIN     *ALL   
    ITHLPD                    *USE   

    where ITHLPD is the helpdesk group and ADMIN is my group.

    The program authority is:

    *PUBLIC                   *EXCLUDE
    *GROUP   ADMIN    *ALL   
    ITHLPD                    *USE   

    So is there anything else I should do?

  • ToddN2000
    Try this for one profile. Grant the profile you want to change to allow ITHLPD to make changes.
    GRTOBJAUT OBJ(MYLIBL/MYPROFILE) OBJTYPE(*USRPRF) USER(ITHLPD)
  • osamah

    I can't understand the point of using this command.

    And what is the difference between this command and using Edit Authority and then adding the user?

    Could you please adjust the command using my real information:

    helpdesk user: HLPDUSR1

    helpdesk group: ITHLPD

    program name: PGM_LIB/CHGUSR_CL

    Thanks for your effort and time.

  • pdraebel
    Osama, you need to understand that the helpdesk group needs to have authority to all User Profiles and Group Profiles it is allowed to change.
    Certainly this will not contain all of the user profiles on the system, as that would pose a danger. Everyone could make himself QSECOFR or an equivalent.

    I think your issue here really is the authority to the User Profiles and Group Profiles.
  • osamah

    Dear pdraebel, thanks for your support, but I think my helpdesk group profile already has authority to all User Profiles and Group Profiles, because any existing or new member of this group can change user profiles.

    My problem here is that I have a new PGM program that allows the helpdesk users more parameters on CHGUSRPRF, but when they use it they face this message: "Not authorized to object XXXX in QSYS".

    Although I used CHGPGM *OWNER, it still does not work.

    I'm really confused why it still doesn't work :(

  • pdraebel
    Even with "Adopted Authority" in place, the user executing the option needs authority in case a Group Profile is changed to that group profile. Check IBM article: http://www-01.ibm.com/support/docview.wss?uid=nas8N1013328
  • osamah

    This article describes my situation but without giving any solution,

    just telling me "ensure that the user running the program has the proper authority".

    What is the proper authority that I need?

    The other helpdesk users log in with the same authority and use the chgusrprf command as well,

    but the new user in the same group with the same authority cannot use my program.

  • pdraebel
    I would check the authority the "new user" has to the Helpdesk group profile and compare it with the "old user".

    Are they changing the same parameters on a user profile?
    You could well find that some changes work, others don't.

    We can only suggest what could be wrong, you will have to check and try and correct the situation at your end.
  • Justinlopes89
    Hello Osama
    Can you please paste the CL program so as to ascertain your approach.

    Thanks,
    Justin Lopes
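
The thread combines adopted authority with pdraebel's warning that broad authority over profiles lets anyone reach QSECOFR-equivalent access. The CL below is an added example, not part of any post and not the poster's program: the name HDSETSTS and the rule "only class *USER with no special authorities" are assumptions. It takes fixed parameters and exposes only STATUS instead of prompting the whole CHGUSRPRF command.

```cl
/* HDSETSTS (hypothetical name): help-desk wrapper, added example.      */
/* Owner compiles it, then CHGPGM PGM(...) USRPRF(*OWNER) so it adopts  */
/* the owner's authority. Only STATUS can be changed, and only on       */
/* ordinary profiles (assumed rule: class *USER, no special authority). */
             PGM        PARM(&USER &STATUS)
             DCL        VAR(&USER)   TYPE(*CHAR) LEN(10)
             DCL        VAR(&STATUS) TYPE(*CHAR) LEN(10)
             DCL        VAR(&USRCLS) TYPE(*CHAR) LEN(10)
             DCL        VAR(&SPCAUT) TYPE(*CHAR) LEN(100)
             DCL        VAR(&MSG)    TYPE(*CHAR) LEN(60)

             /* Only the two values the help desk is allowed to set */
             IF         COND((&STATUS *NE '*ENABLED') *AND +
                             (&STATUS *NE '*DISABLED')) THEN(DO)
                CHGVAR     VAR(&MSG) VALUE('STATUS must be *ENABLED or *DISABLED')
                GOTO       CMDLBL(REJECT)
             ENDDO

             /* No special values (*...) and no IBM-supplied Q* profiles */
             IF         COND((%SST(&USER 1 1) *EQ '*') *OR +
                             (%SST(&USER 1 1) *EQ 'Q')) THEN(DO)
                CHGVAR     VAR(&MSG) VALUE('Profile name not allowed')
                GOTO       CMDLBL(REJECT)
             ENDDO

             /* Read the target's class and special authorities */
             RTVUSRPRF  USRPRF(&USER) USRCLS(&USRCLS) SPCAUT(&SPCAUT)
             MONMSG     MSGID(CPF0000) EXEC(DO)
                CHGVAR     VAR(&MSG) VALUE('Profile could not be retrieved')
                GOTO       CMDLBL(REJECT)
             ENDDO

             /* Refuse anything privileged, so the adopted authority */
             /* cannot be used to alter a security officer or admin  */
             IF         COND((&USRCLS *NE '*USER') *OR +
                             (&SPCAUT *NE '*NONE')) THEN(DO)
                CHGVAR     VAR(&MSG) VALUE('Privileged profile, change refused')
                GOTO       CMDLBL(REJECT)
             ENDDO

             CHGUSRPRF  USRPRF(&USER) STATUS(&STATUS)
             RETURN

 REJECT:     SNDPGMMSG  MSGID(CPF9898) MSGF(QCPFMSG) MSGDTA(&MSG) +
                          MSGTYPE(*ESCAPE)
             ENDPGM
```

A profile that inherits special authorities through its group is not caught by this check; the GRPPRF value returned by RTVUSRPRF would need the same test.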
