Evan, you're right about the group profile. That part of adopted authority doesn't work and a profile swap is in order. Um, submit a batch job which runs under QSECOFR and updates a data queue on the submitting program that the process is done? Just another option for the API phobic. Rob Berendt -- "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." Benjamin Franklin Evan Harris <spanner@xxxxxxxxxx> Sent by: security400-bounces@xxxxxxxxxxxx 09/24/2003 02:39 PM Please respond to Security Administration on the AS400 / iSeries <security400@xxxxxxxxxxxx> To Security Administration on the AS400 / iSeries <security400@xxxxxxxxxxxx> cc Subject Re: [Security400] Allowing Someone to Create User Profiles... You may need to use the swap profile API whose name escapes me at the moment (I'm at home but I think its something like QSYSGETPH) If your user profile specifies a group profile then adopted authority will not be sufficient to create the profile as authority to a group profile cannot come from adopted authority - the profile performfng the operation need at least *USE (I think) to the group profile. Its all in the manual anyway :) As an aside make sure you have a profile as a backup to QSECOFR with a combination of *ALLOBJ and *SECADMIN once you get to V5*; If Qsecofr gets disabled and your screw up your DST user you could be in big trouble.... Regards Evan Harris >Chuck Lewis wrote: > >>I am basically "it in IT" and when I am off, on the road or whatever and a >>User Profile needs to be created it has to wait. I am VERY leery of giving >>anyone other than maybe the CFO the authority to do this. So am I stuck ? > >Haven't thought this all the way thru but how about: > >1) Create a skeleton user profile (no password) called CLONEME. >2) Write a CL program CRTAUSER with 2 parms, USER and NAME. >3) CRTAUSER adopts authority, does a RTVUSRPRF(CLONEME), and then does > a CRTUSPRF to create a new user. >4) The CFO could then use this via a command interface. > >You could even have various skeleton users and pick from one. > >-- >Jeff Crosby >Dilgard Frozen Foods, Inc. >P.O. Box 13369 >Ft. Wayne, IN 46868-3369 >260-422-7531 > >The opinions expressed are my own and not necessarily >the opinion of my company. Unless I say so. _______________________________________________ This is the Security Administration on the AS400 / iSeries (Security400) mailing list To post a message email: Security400@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/mailman/listinfo/security400 or email: Security400-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/security400.