Shalom, One more clarification...
If I have *USE authority to a profile, I can submit a job under this profile. If I have *USE authority to a profile, I can use the QSYGETPH,
QsyGetProfileHandleNoPwd APIs to switch to this profile. The job submitting feature is blocked at security level 40. Does anyone know if the API feature is blocked as well?
[jte] Actually, the job submitting feature is not blocked at QSECURITY level 40. What is blocked is the ability to submit a job using a job description, and telling the job to run under the authority of the profile that is named in the job description, where the submitting user does not have at least read authority to the User Profile named in the job description. Example: In QGPL there is a JOBD named QBATCH that has the profile QPGMR named in it. If you wanted to submit this command: ---SBMJOB JOB(INVENTORY) CMD(CALL MyLib/MyDirtyPgm) JOBD(QGPL/QBATCH) ---USER(*JOBD) Under QSECURITY level 40 you must have *USE authority to both the JOBD QGPL/QBATCH, and to any profile named in the JOBD (In this case profile QPGMR). Otherwise the job will throw an authority error and not run. Under QSECURITY level 30 you must have *USE authority to the JOBD QGPL/QBATCH, but your authority to any profile named in the JOBD is not checked. So the command above would run as long as you are authorized to the JOBD. However, if you wanted to submit this command: ---SBMJOB JOB(INVENTORY) CMD(CALL MyLib/MyDirtyPgm) USER(SALLY) It will work under any QSECURITY level as long as you have at least *USE rights to the user profile SALLY. HTH, Jte