Tweet
If one were to create a user profile (let's say 'PROFADMIN' with *SECADM authority only used to reset AS400 profile passwords, my understanding is this:
-The 'PROFADMIN' profile needs authority TO the actual profile being reset
-The 'PROFADMIN' profile ALSO needs authority to the actual command being ran
My assumption initially was that all the profadmin acct needed was *SECADM and they would be on their merry way. However, I was surprised that I had to actually give authorities to the profile & command itself. Authorities such as *OBJOPR, *OBJMGT & what made things more confusing was that the command needed *READ, *UPD & *EXECUTE data authorities too.
Unless I'm missing something, IBM topic on 'chgusrprf' doesn't mention needing special authority to the actual 'chgusrprf' cmd itself:
http://www.ibm.com/support/knowledge...rf.htm?lang=en
Thanks
-The 'PROFADMIN' profile needs authority TO the actual profile being reset
-The 'PROFADMIN' profile ALSO needs authority to the actual command being ran
My assumption initially was that all the profadmin acct needed was *SECADM and they would be on their merry way. However, I was surprised that I had to actually give authorities to the profile & command itself. Authorities such as *OBJOPR, *OBJMGT & what made things more confusing was that the command needed *READ, *UPD & *EXECUTE data authorities too.
Unless I'm missing something, IBM topic on 'chgusrprf' doesn't mention needing special authority to the actual 'chgusrprf' cmd itself:
http://www.ibm.com/support/knowledge...rf.htm?lang=en
Thanks
Comment