× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. June 2003

RE: Allowing power users to re-enable users

Yes, a very good idea and the "program" _can_ be simple.

Create a CL program named perhaps ENBUSR containing this single command:

  chgusrprf  ??usrprf() status(*enabled)

Compile it with QSECOFR or, better, an appropriate security profile as the 
owner and with the USRPRF(*OWNER) attribute set. Now, create an authorization 
list:

 ==> crtautl  SECPGMS text('Secured programs')

Secure the compiled program with the *autl created above:

 ==> grtobjaut  mylib/ENBUSR *PGM autl(SECPGMS)

Now, add the users you want to the *autl:

 ==> addautle   SECPGMS PowerUsr1 aut(*USE)

When you want to remove the authority, run:

 ==> rmvautle   SECPGMS PowerUsr1

It's a simple program that's extremely focused. You can control who has access 
easily. And you can also add additional programs or files or other objects to 
the *autl and secure them for the entire group of power users at the same time. 
The various commands above can be added to or modified to give additional 
control options but the generic technique works well.

Tom Liotta

midrange-l-request@xxxxxxxxxxxx wrote:

>   5. Re: Allowing power users to re-enable users (Raul A Jager)
>
>You can write a CL program that receives one parameter, the user
>profile, and calls  CHGUSRPRF to change that user's password.  You need
>to set the adopted autority to *owner, and make the owner QSECOFR or
>some other profile with enough authority.  Then you can set the
>permisions to the program as public *exclude, and list the people the
>are allowede to use it.
>
>It may be a good idea to also generate a log.
>
>>
>>>-----Original Message-----
>>>
>>>I have been getting a significant number of user re-
>>>enables lately. Mostly
>>>because two plus weeks after training when the people go
>>>live they forget
>>>their passwords. I would say 90% of the calls I have to
>>>reset the password
>>>and the user profile. We have a "help desk" (which is
>>>power users of the
>>>software) not IT people. So I want if possible, to let
>>>them at least reset
>>>the profile without them having *SECADM.
>>>
>>>Has any accomplished this? If so could I get some help?

-- 
Tom Liotta
The PowerTech Group, Inc.
19426 68th Avenue South
Kent, WA 98032
Phone  253-872-7788 x313
Fax    253-872-7904
http://www.powertechgroup.com


__________________________________________________________________
McAfee VirusScan Online from the Netscape Network.
Comprehensive protection for your entire computer. Get your free trial today!
http://channels.netscape.com/ns/computing/mcafee/index.jsp?promo=393397

Get AOL Instant Messenger 5.1 free of charge.  Download Now!
http://aim.aol.com/aimnew/Aim/register.adp?promo=380455

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.