• Subject: Re: Changing user profiles without *SECADM; adding *SECADM without ev enhaving *SECADM
  • From: fiona.fitzgerald@xxxxxxxxxxxxxxxxxx
  • Date: Fri, 26 Jan 2001 17:08:40 +0000


Bryan,
     If the user doesn't need a command line, you could change their
profile to LMTCPB(*YES), which will prevent them from invoking a command
line.
Might the initial object be owned by a profile with *SECADM authority ?
They might be inheriting authority from it ? Do they have an initial pgm
or an initial menu ? I'd like to see all the usrprf attributes.

By the way, what security level are you at ? (DSPSYSVAL QSECURITY).

Fiona Fitzgerald,
Dublin


Bryan Burns wrote:

We have a user profile with special authority *NONE that can do a CHGUSRPRF
and add *SECADM special authority to another profile.  This is done from a
command line on the initial menu.  This initial menu has three options:
EXECUTE OFFICE, EXECUTE MAPICS, and SIGN OFF.

How is this possible?  We are on V4R4 and at cume level CO252440.

The profile in question has USER CLASS *USER, GROUP PROFILE *NONE, OWNER
*USRPRFand LIMIT CAPABILITIES *PARTIAL.

I think this may be due to adopted authority, but I am not a programmer and
I have dug as far as I can into this.  Can someone shed some light on this?


+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].