Manage Learn to apply best practices and optimize your operations.

Adopted authority and sign-on access

I have implemented adopted authority. I'm now running into trouble with user profiles. Specifically, a user can't sign on unless the object authority of that user profile is owned by the group profile. Is that a "rule" of adopted authority?
Adopted authority has nothing to do with the authority a user needs to sign on the system. When a profile is created, OS/400 grants *CHANGE plus *OBJMGT authority to the profile itself. That authority should NOT be removed or altered. When a user is made a member of a group profile, OS/400 grants the user profile the following authorities to the group profile: *OBJOPR, *OBJMGT, *READ, *ADD, *UPDATE, *DELETE (note - authority to the group does NOT include *EXECUTE.) It sounds like one of these two authorities has been removed or altered. I would check and, if necessary, set the authorities to the values listed above.


The Best Web Links: tips, tutorials and more.

Search400's targeted search engine: Get relevant information on security.

Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.

Check out this Search400.com Featured Topic: Top ten security tips

Dig Deeper on iSeries system and application security

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.