Bryan, If the user doesn't need a command line, you could change their profile to LMTCPB(*YES), which will prevent them from invoking a command line. Might the initial object be owned by a profile with *SECADM authority ? They might be inheriting authority from it ? Do they have an initial pgm or an initial menu ? I'd like to see all the usrprf attributes. By the way, what security level are you at ? (DSPSYSVAL QSECURITY). Fiona Fitzgerald, Dublin Bryan Burns wrote: We have a user profile with special authority *NONE that can do a CHGUSRPRF and add *SECADM special authority to another profile. This is done from a command line on the initial menu. This initial menu has three options: EXECUTE OFFICE, EXECUTE MAPICS, and SIGN OFF. How is this possible? We are on V4R4 and at cume level CO252440. The profile in question has USER CLASS *USER, GROUP PROFILE *NONE, OWNER *USRPRFand LIMIT CAPABILITIES *PARTIAL. I think this may be due to adopted authority, but I am not a programmer and I have dug as far as I can into this. Can someone shed some light on this? +--- | This is the Midrange System Mailing List! | To submit a new message, send your mail to MIDRANGE-L@midrange.com. | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com. | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com. | Questions should be directed to the list owner/operator: email@example.com +---
As an Amazon Associate we earn from qualifying purchases.
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.