Creating AS/400 user profiles

Tags:
AS 400
I want to create a user profile that has authority to create a user profile only. What entries are needed in the profile to accomplish this? I don't want the profile to have authority to get to anything else other than just creating profiles.


Software/Hardware used:
V7R1
Discuss This Question: 3  Replies

 
  • TheRealRaven
    First decision is what authorities will the profiles need when this profile creates them? You can't grant an authority that you yourself don't have. Next, will this profile be the owner of the created profiles? If not, who will be the owner?

    Easiest is to create a profile that can't sign on. Have it simply be an owner of a program that does nothing but prompt a CRTUSRPRF command and set owner and authority for the created profiles, and have the program run under adopted authority. Don't grant authority to anyone to use this profile (though a high-authority profile doesn't need granted authority).

    If this profile can't sign on and no one can use it, the only thing it will be able to do is control the CRTUSRPRF command in that single program. The basic authority requirements for this profile are the ones listed in the CRTUSRPRF help text. Additional authorities will depend on what needs to be granted to created profiles.
  • ToddN2000
    I agree with Raven. Create a profile that has a custom program to create the user profile as its initial program. The only other option in this program is a signoff. His points about authority are valid. I don't see a real benefit to someone trying to set up profiles that will be restricted due to authority needed for some more advanced functions.
  • WoodEngineer
    If the user profiles you need to create are not complex you could create your own command which only includes the parameters required for your situation. Then the command processing program could call the full IBM CRTUSRPRF command to create the user profile.
    To solve the security issue your command / processing program could run with adopted authority. Proceed carefully if you take this approach.
    You could then limit who could access your custom command.
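The design the replies describe (an owner profile that cannot sign on, plus a wrapper program that runs under adopted authority and is restricted to chosen callers), as an added CL example that is not from the thread. PRFADMIN, SECTOOLS, CRTPRF, QCLSRC and HELPDESK are hypothetical names, and the fixed CRTUSRPRF values are assumptions to adapt to local policy.

```cl
/* Added example. PRFADMIN, SECTOOLS, CRTPRF, QCLSRC and HELPDESK are     */
/* hypothetical names; adjust the fixed CRTUSRPRF values to your policy.  */

/* ---- One-time setup, run by a security officer ----------------------- */
/* Owner profile: PASSWORD(*NONE) means nobody can sign on with it.       */
/* *SECADM is the special authority CRTUSRPRF requires.                   */
CRTUSRPRF  USRPRF(PRFADMIN) PASSWORD(*NONE) USRCLS(*SECADM) +
             SPCAUT(*SECADM) INLMNU(*SIGNOFF) LMTCPB(*YES) +
             AUT(*EXCLUDE) TEXT('Owns CRTPRF only, no sign-on')

/* Compile the wrapper to adopt its owner's authority, hand it to         */
/* PRFADMIN, then shut out everyone except the intended callers.          */
CRTBNDCL   PGM(SECTOOLS/CRTPRF) SRCFILE(SECTOOLS/QCLSRC) +
             USRPRF(*OWNER)
CHGOBJOWN  OBJ(SECTOOLS/CRTPRF) OBJTYPE(*PGM) NEWOWN(PRFADMIN)
GRTOBJAUT  OBJ(SECTOOLS/CRTPRF) OBJTYPE(*PGM) USER(*PUBLIC) +
             AUT(*EXCLUDE)
GRTOBJAUT  OBJ(SECTOOLS/CRTPRF) OBJTYPE(*PGM) USER(HELPDESK) +
             AUT(*USE)

/* ---- Source member CRTPRF (CLLE) ------------------------------------- */
/* &TEXT is 32 long so a literal passed on CALL is blank-padded cleanly.  */
PGM        PARM(&USER &PWD &TEXT)
  DCL      VAR(&USER) TYPE(*CHAR) LEN(10)
  DCL      VAR(&PWD)  TYPE(*CHAR) LEN(10)
  DCL      VAR(&TEXT) TYPE(*CHAR) LEN(32)

  /* Caller supplies name, first password and text. User class, special */
  /* authority and limited capability are fixed here, not caller input. */
  CRTUSRPRF USRPRF(&USER) PASSWORD(&PWD) PWDEXP(*YES) +
              USRCLS(*USER) SPCAUT(*NONE) LMTCPB(*YES) +
              AUT(*EXCLUDE) TEXT(&TEXT)

  /* Set the owner of the new profile explicitly, as the first reply    */
  /* suggests, and revoke the previous owner's authority to it.         */
  CHGOBJOWN OBJ(QSYS/&USER) OBJTYPE(*USRPRF) NEWOWN(PRFADMIN) +
              CUROWNAUT(*REVOKE)
ENDPGM
```

Any authority the created profiles must receive beyond these fixed values has to be held by PRFADMIN as well, since the program can only grant what its owner has.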
