|
A lot of confusion surrounds the User class of a profile. I don't know how this idea started, but many people are under the impression that the User class carries more meaning than it does. OS/400 only uses User class for three things on the system 1- to default the special authorities given to the profile when the profile is created, 2- to determine what OS/400 menu options the user sees and 3- to determine how to adjust the special authorities for users when moving from security level 20 to levels 30, 40 or 50 (at security level 20, all profiles, by default, are given *ALLOBJ and *SAVSYS, so OS/400 removes these based on the User class when the system level changes.)
A user can be in the *SECOFR user class and have no special authorities or the user can be in the *USER user class and have all of the special authorities. It really doesn't matter. OS/400 never checks the User class when it is looking to see if a user has sufficient authority to access an object or is looking to see if a user has a specific special authority.
That said, let's look at your question. You ask if a user is assigned to the "QSECOFR class" whether they still have *SECADM capabilities because they are in this class. First a bit of clarification -- there is no "QSECOFR class" so I'm guessing that you mean the *SECOFR User class. Next, as I explained above, OS/400 is going to look to see if the user has *SECADM special authority -- it is not going to look at the user profile's User class. So despite the fact that the user is in the *SECOFR User class, the user does not have *SECADM capabilities.
|
