When our users access their application, the first program uses adoptive authority so the database can be updated. If they are not in the application, they have only read rights to the database. The Attention key provides a menu with a command line for them to use. They have Limited Capabilities set to *Yes, but they do have access to some commands. The problem is when they use the Attention key to access the menu, they're still under the adopted authority. So they have R/W access to the database. How can I set the security on the Attention key menu to release the adopted authority, yet put it back when the F3 back to the application?
Pressing the Attention key drops the adopted authority currently in effect. This is documented in the IBM publication iSeries Security Reference, Chapter 5. So if you are in menu environment that adopts authority, pressing the Attention key will not propagate that adopted authority to the Attention key program. Take a look at the program or programs that are processing the attention key. Do a DSPPGM on each one and look at the User profile parameter. I believe that one or more of the Attention key handling programs that you have defined is adopting authority. Therefore, for the user profile parameter you will see the value *OWNER.
MORE INFORMATION ON THIS TOPIC
The Best Web Links: Tips, tutorials and more.
Search400.com's targeted search engine: Get relevant information on security.
Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.
Read this Search400.com Featured Topic: Secure your iSeries
Dig Deeper on iSeries system and application security
Related Q&A from Carol Woodbury
Before changing password levels and upgrading operating systems on the AS/400, ensure the clients connecting to the NetServer do not need the old ... Continue Reading
Look in the audit journal (QAUDJRN) on the AS/400 for an authority failure message with the name of the library as the object name. Use the ... Continue Reading
The UPPWEI field corresponds to the password expiration interval field, and its values "0" and "-1" represent the *SYSVAL and *NOXMAX commands. Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.