Changing User Authority/Securing System

25 pts.
AS/400 Authorization List
AS/400 Permissions
AS/400 Security Data
AS/400 user permissions
Is there an easy way to change user authority to read on only on an open AS400 system that is menu driven? The ability to change data, add, update etc. is coded within the programs - in other words function key driven.

Software/Hardware used:

Answer Wiki

Thanks. We'll let you know when a new response is added.

if you change your users to READ only, then the programs that do the updates will not load properly for them and will therefore become useless and inoperable, unless you have code within the program that adopts authority.

the simplest way is to create a GROUP profile for each department. define within that GROUP profile the access rights afforded to the general user class in that department. use ChgUsrPrf to attach the users to the GROUP profile for their department/area.

of course, if the system is only menu driven and the user cannot get to the IBM supplied menus and you set their LmtCpb (Limit Capabilities) to *YES, then they should not be able to get to system functions anyway.

you should also devise a program menu and set that as their AtnPgm (Attention Program) so that when they press the Attention Key, they go into a CONTROLLED menu that does not allow for IBM menu access.

the best and simplest form of security is a well managed menu system. security is for keeping strangers out of your system and coralling users who may wander from the herd.


Discuss This Question: 2  Replies

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • TomLiotta
    Note that transferring authority from the users to group profiles won't make any difference at all. Also note that while menu-based security can be the most secure system image, it requires either (a) that no networking server except the telnet server (and possibly HTTP with appropriate programming) is running on the system or (b) that some technique such as exit programs is used for each server that is activated. This means no DDM, no OBDC/JDBC, no iSeries Access file transfer, no Windows Explorer access, no FTP, no Remote Command/Distributed Program Call... No management nor configuration can be done through iSeries Navigator. No Management Central can be started. Various other restrictions apply. In essense, menu security means using the system as if it was still back at V3R1 with only terminal emulation allowed. Otherwise, menu security alone is no security at all. Tom
    125,585 pointsBadges:
  • philpl1jb
    Here's my take on it. 1. Change all data files to read only 2. Change all programs to use adopted or owner authority 3. Compile programs by a userID with full authority to the data. Phil
    54,090 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.


Share this item with your network: