× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. April 2007

Re: special authority



Thank, Pat, Really appreciate!

Best Regards.

James Fu

TDL Group Corp. (Tim Hortons)
Oakville, Ontario
Direct: 905-339-5798
fu_james@xxxxxxxxxxxxxx
Web: http://www.timhortons.com



Patrick Botz
<botz@xxxxxxxxxx>
Sent by: To
midrange-l-bounce Midrange Systems Technical
s@xxxxxxxxxxxx Discussion
<midrange-l@xxxxxxxxxxxx>
cc
04/27/2007 12:48
AM Subject
Re: special authority

Please respond to
Midrange Systems
Technical
Discussion
<midrange-l@midra
nge.com>






I would do the following:
Write a CL program that called CHGUSRPRF.
If you just need to re-enable userIDs for Netserver, have the program
accept one parameter, the USRPRF name.
After creating the CL program, select a user profile that has *SECADM and
*ALLOBJ the owner of the new CL program
Use CHGPGM and set the USRPRF attribute to *OWNER (this is what makes it
adopt the authority of the owner of the program.
Make PUBLIC on this command *EXCLUDE
Create a group for the help desk personnel and give the group *USE to the
new program.

After that I would either have the help desk folks use the new program
either from the green screen or through the remote command GUI in iNav.




Patrick Botz


Security Architecture Consulting & Implementation

IBM Systems and Technology Group Lab Services

mail: botz@xxxxxxxxxx

phone: 507.253.0917 / mobile: 507.250.5644



ibm.com/servers/eserver/services



midrange-l-bounces+botz=us.ibm.com@xxxxxxxxxxxx wrote on 04/26/2007
08:51:02 AM:

That piece of GUI is an outstanding feature to determine if NetServer
access is blocked that way. We, too, have shown our help desk people
how
to look at it. We don't let them use it to fix the person though. An
alternative is to change the user profile "some" way to reset that. For

example if you had a short program that
adopted authority
CHGUSRPRF that user.
I believe that would reset it.
Would telling your help desk people to do that work? I suggest calling
IBM and finding out if there is some way to (through Application
Administration perphaps) give your help desk adopted authority or some
such thing to have the gui work. If not, submit a DCR. If you will, I
will.

Rob Berendt
--



fu_james@xxxxxxxxxxxxxx
Sent by: midrange-l-bounces@xxxxxxxxxxxx
04/26/2007 09:13 AM
Please respond to
Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>


To
Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
cc
Subject
special authority

Hi, list,
We would like to take away special authority from our helpdesk people.
One
of their responsibilities is to enable iSeries NetServer user in iSeries
Navigator. They need *SECADM and *IOSYSCFG to do this. Is there any
solution for that?
Thanks in advance...

Best Regards.

James Fu


The information contained in this message is confidential and may be
legally privileged. The message is intended solely for the addressee(s).

If you are not the intended recipient, you are hereby notified that any
use, dissemination, or reproduction is strictly prohibited and may be
unlawful. If you are not the intended recipient, please contact the
sender
by return e-mail and destroy all copies of the original message.

L'information contenue dans ce message est de nature confidentielle et
peut etre de nature privilegiee. Ce message est strictement reserve a
l'usage de son ou ses destinataires. Si vous n'etes pas le destinataire

prevu, prenez avis, par la presente, que tout usage, distribution, ou
copie de ce message est strictement interdit et peut etre illicite. Si
vous n'etes pas le destinataire prevu, veuillez en aviser l'expediteur
par courriel et detruire tous les exemplaires du message original.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.



The information contained in this message is confidential and may be legally
privileged. The message is intended solely for the addressee(s). If you are
not the intended recipient, you are hereby notified that any use,
dissemination, or reproduction is strictly prohibited and may be unlawful. If
you are not the intended recipient, please contact the sender by return e-mail
and destroy all copies of the original message.

L'information contenue dans ce message est de nature confidentielle et peut
etre de nature privilegiee. Ce message est strictement reserve a l'usage de
son ou ses destinataires. Si vous n'etes pas le destinataire prevu, prenez
avis, par la presente, que tout usage, distribution, ou copie de ce message
est strictement interdit et peut etre illicite. Si vous n'etes pas le
destinataire prevu, veuillez en aviser l'expediteur par courriel et detruire
tous les exemplaires du message original.


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.