ibmi-brunch-learn

Announcement

Collapse
No announcement yet.

Crtusrprf

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Crtusrprf

    Hi,
    I've been tasked with creating an application to create new users on our system. We have a third party system that has several files that need to be updated along with our own authority and access system files. So a CL seemed the way to go to call the various programs to write and update the files. Everything works well except when it comes to creating the user id on the 400.

    We have a listing of default users to copy for specific departments but since there is no CPYUSRPRF command available for CL usage, I retrieve values from the required profile and then use CRTUSRPRF to create the new user profile with the retrieved values; special authorities, initial menu, initial program, etc.

    Here's the problem, if I retrieve values from a profile that has either *ALLOBJ as a special authority or *SIGNOFF for initial menu, I get an error message stating that '*ALLOBJ not valid for parameter SPCAUT' or '*SIGNOFF for parameter INLMNU not a valid name'.

    Why is this happening?
    I have sufficient authority myself *SECADM.

    Mike.

    Last edited by redvan; August 30, 2021, 01:15 PM.
    Everyday's a school day, what grade are you in?

  • #2
    Are you able to supply the exact error messages? Does the 2nd level help give any additional clues?
    You mention you have *SECADM authority. Do you have any other special authorities? *SECADM will allow you to create profiles, however you cannot create a profile with more authority than you have. For instance, if you don't have *ALLOBJ, you can't create a profile with *ALLOBJ authority.
    I don't know the reason for the *SIGNOFF error however the full error message may give a clue.

    Comment


    • #3
      Originally posted by john.sev99 View Post
      Are you able to supply the exact error messages? Does the 2nd level help give any additional clues?
      You mention you have *SECADM authority. Do you have any other special authorities? *SECADM will allow you to create profiles, however you cannot create a profile with more authority than you have. For instance, if you don't have *ALLOBJ, you can't create a profile with *ALLOBJ authority.
      I don't know the reason for the *SIGNOFF error however the full error message may give a clue.
      john.sev99
      Yes I know that granting higher authority than myself is not possible but I have all the special authorities that could I come across.

      Here's the full initial message from the joblog for the special authority error ....

      Message ID . . . . . . : CPD0084 Severity . . . . . . . : 30
      Message type . . . . . : Diagnostic
      Date sent . . . . . . : 08/31/21 Time sent . . . . . . : 11:09:50

      Message . . . . : '*ALLOBJ ' not valid for parameter SPCAUT.
      Cause . . . . . : The value specified is not allowed by the command.
      Recovery . . . : Enter one of the values that is defined for the parameter,
      and try the command again. More information on parameters and commands can
      be found in the Information Center or the appropriate licensed program
      manual.

      ...and the subsequent message that follows....

      Message ID . . . . . . : CPF0001 Severity . . . . . . . : 30
      Message type . . . . . : Escape
      Date sent . . . . . . : 08/31/21 Time sent . . . . . . : 11:09:50

      Message . . . . : Error found on CRTUSRPRF command.
      Cause . . . . . : The system detected errors in the command.
      Recovery . . . : See the previously listed messages in the job log. Correct
      the errors and then try the command again. *N instead of a command name
      means that the name had not been determined before the error was found.


      And here's the *SIGNOFF message.... (also received the CPF0001 message after this one)

      Message ID . . . . . . : CPD0078 Severity . . . . . . . : 30
      Message type . . . . . : Diagnostic
      Date sent . . . . . . : 08/31/21 Time sent . . . . . . : 11:16:33

      Message . . . . : Value '*SIGNOFF ' for parameter INLMNU not a valid name.
      Cause . . . . . : Value '*SIGNOFF ' contains characters that are not valid
      in a name or is a single value that was specified as part of a qualifier. A
      name must begin with an alphabetic character followed by alphanumeric
      characters, or if the value is a string of characters, it must be enclosed
      in quotation marks.
      Recovery . . . : Correct the name or specify the single value alone, then
      try the command again. More information on names can be found in the
      Information Center.
      Everyday's a school day, what grade are you in?

      Comment


      • #4
        Do you have the exact command giving the error message? Both of those error messages 'look' like there may be a trailing space which maybe would give an error. Do you enclose in quotation marks? Those special values probably should not be in quotation marks I would guess. Compare the actual command to one that you manually create and see what differences there may be .

        Comment


        • john.sev99
          john.sev99 commented
          Editing a comment
          That was the first thing I noticed as well, the message shouldn't show quotes around the special authorities so agree with you that it is the likely cause.

      • #5
        Originally posted by Scott M View Post
        Do you have the exact command giving the error message? Both of those error messages 'look' like there may be a trailing space which maybe would give an error. Do you enclose in quotation marks? Those special values probably should not be in quotation marks I would guess. Compare the actual command to one that you manually create and see what differences there may be .
        I will check that out Scott.
        Everyday's a school day, what grade are you in?

        Comment


        • #6
          Scott.
          I'm not enclosing anything in quotes.
          Here are the values from debugging...
          Click image for larger version

Name:	Authorities.png
Views:	317
Size:	4.5 KB
ID:	156030
          and the message
          Click image for larger version

Name:	Message.png
Views:	317
Size:	3.7 KB
ID:	156028
          Attached Files
          Everyday's a school day, what grade are you in?

          Comment


          • #7
            what is the resulting CRTUSRPRF command look like, that is what is important. If you copy that to the command line you may be able to see what the issue is.

            Comment


            • #8
              I can duplicate your error message by doing
              CRTUSRPRF USRPRF(JUNK) SPCAUT('*ALLOBJ *JOBCTL *SAVSYS')
              instead of this which is correct
              CRTUSRPRF SPCAUT(*ALLOBJ *JOBCTL *SAVSYS)

              Somehow you are passing the value in such a way so that it is getting enclosed in quotation marks.
              Last edited by Scott M; September 2, 2021, 07:34 AM.

              Comment


              • #9
                Redvan,

                Is it possible that you're doing something like this:
                Code:
                CHGVAR VAR(&CMD) VALUE('CHGUSRPRF SPCAUT(''' *CAT &SPCAUT ''')')
                Instead of:
                Code:
                CHGVAR VAR(&CMD) VALUE('CHGUSRPRF SPCAUT(' *CAT &SPCAUT ')')
                ??

                Comment


                • #10
                  If you're using one parameter to hold all of the special authority values and trying to execute the command directly, then you get the error that you're seeing. The special authority parameter is a list of values so you have to put each entry in it's own variable or construct the whole command in a variable (like Scott's example) and execute it using QCMDEXC.

                  Comment


                  • Brian Rusch
                    Brian Rusch commented
                    Editing a comment
                    That first part should read: If you're using one *variable* to hold all of the special authority values... Still not able to edit my own posts.

                • #11
                  During my research of the issue, I discovered that we're at security level 40. With that in mind and User Class set to *USER, no one should have any special authorities but the profiles I'm using for the copy all have one or more special authorities. This needs to be remedied first before this project can continue.

                  Thank you all for your time and advice.

                  Mike.
                  Everyday's a school day, what grade are you in?

                  Comment

                  Working...
                  X