|
midrange.com
Bryan,
If the user doesn't need a command line, you could change their
profile to LMTCPB(*YES), which will prevent them from invoking a command
line.
Might the initial object be owned by a profile with *SECADM authority ?
They might be inheriting authority from it ? Do they have an initial pgm
or an initial menu ? I'd like to see all the usrprf attributes.
By the way, what security level are you at ? (DSPSYSVAL QSECURITY).
Fiona Fitzgerald,
Dublin
Bryan Burns wrote:
We have a user profile with special authority *NONE that can do a CHGUSRPRF
and add *SECADM special authority to another profile. This is done from a
command line on the initial menu. This initial menu has three options:
EXECUTE OFFICE, EXECUTE MAPICS, and SIGN OFF.
How is this possible? We are on V4R4 and at cume level CO252440.
The profile in question has USER CLASS *USER, GROUP PROFILE *NONE, OWNER
*USRPRFand LIMIT CAPABILITIES *PARTIAL.
I think this may be due to adopted authority, but I am not a programmer and
I have dug as far as I can into this. Can someone shed some light on this?
+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
