Q
Manage Learn to apply best practices and optimize your operations.

CL authority problem

We run a CL that runs the following command:
chgobjown obj(MyLib/MyFile) objtype(*file) newown((QPGMR).

The CL fails and the job log shows the following:
Attempt to use permanent system object QPGMR without authority. Not authorized to perform operation on file MyFile. Function not done for user profile QPGMR. CPF2BE (Function not done for user profile).

Do I need to use QSECOFR and change CHGOBJOWN? I don't want to have to remember to change that after each new operating system release. Is there a better way to do this?

According to the iSeries Security Reference manual, Appendix D, you need *ADD authority to the new owner. So, in your case, the process running has to have *ADD authority to the QPGMR user profile. In your case, you could change your CL program to be owned by a profile that has this authority (e.g., QSECOFR) and change the profile to adopt authority. To do that, run the CHGPGM command, specifying USRPRF(*OWNER).

==================================
MORE INFORMATION ON THIS TOPIC
==================================

The Best Web Links: tips, tutorials and more.

Search400's targeted search engine: Get relevant information on security.

Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.

Check out this Search400.com Featured Topic: Top ten security tips

Visit the ITKnowledge Exchange and get answers to your security questions fast.

Dig Deeper on iSeries system and application security

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchDataCenter

Close