|
Yes, the easiest way to allow users to have authority, in this case *SECADM special authority, for a particular time but not all the time is by using adopted authority.
Adopted authority is an attribute of a program. While the program is active
(in the call stack) the adopted authority is in effect. When adopted
authority is in effect, the user runs with not only his own authority but
the program owner's authority as well. So if Sally signs on and calls a
program that is owned by QPGMR, Sally will have all of her own authorities
as well as all the authorities of the user profile, QPGMR.
In your case, you can create a command whose command processing program
(CPP) adopts authority. Have the program be owned by a user profile that
has *SECADM special authority. The CPP will perform the CRTUSRPRF command.
Set *PUBLIC authority to the CPP to *EXCLUDE. Give *USE authority to the
users you want to create profiles. To set a program to adopt authority,
specify *OWNER for the user profile parameter on the CHGPGM command:
CHGPGM PGM(your_lib/your_pgm) USRPRF(*OWNER)
==================================
MORE INFORMATION ON THIS TOPIC
==================================
The Best Web Links: tips, tutorials and more.
Search400's targeted search engine: Get relevant information on security.
Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.
|
