RE: QSYGETPH question

Shalom,

One more clarification...

If I have *USE authority to a profile, I can submit a job under this
profile.
If I have *USE authority to a profile, I can use the QSYGETPH,

QSYGENPT or

QsyGetProfileHandleNoPwd APIs to switch to this profile.

The job submitting feature is blocked at security level 40.
Does anyone know if the API feature is blocked as well?

[jte] Actually, the job submitting feature is not blocked at QSECURITY
level 40.  What is blocked is the ability to submit a job using a job
description, and telling the job to run under the authority of the
profile that is named in the job description, where the submitting user
does not have at least read authority to the User Profile named in the
job description.

Example:   In QGPL there is a JOBD named QBATCH that has the profile
QPGMR named in it.  If you wanted to submit this command:

---SBMJOB JOB(INVENTORY) CMD(CALL MyLib/MyDirtyPgm) JOBD(QGPL/QBATCH) 
---USER(*JOBD)

Under QSECURITY level 40 you must have *USE authority to both the JOBD
QGPL/QBATCH, and to any profile named in the JOBD (In this case profile
QPGMR).  Otherwise the job will throw an authority error and not run.

Under QSECURITY level 30 you must have *USE authority to the JOBD
QGPL/QBATCH, but your authority to any profile named in the JOBD is not
checked.  So the command above would run as long as you are authorized
to the JOBD.

However, if you wanted to submit this command:
---SBMJOB JOB(INVENTORY) CMD(CALL MyLib/MyDirtyPgm) USER(SALLY)

It will work under any QSECURITY level as long as you have at least *USE
rights to the user profile SALLY.


HTH,

Jte