Is there a command that allows you to exclude a user profile for everything but a few specific objects without having to assign *EXCLUDE to all objects on the system?
No, but . . .
Rather than think of excluding a user from every object on the system, think of excluding a user (or their group) from applications. If you think about how applications are implemented, they are typically a set of libraries and/or directories. If you exclude a user (or their group) from the library or directory, they cannot access anything in the library or directory. For the libraries the user does need access to, you're going to have to determine whether you need to exclude the user from other objects in that library. But rather than thinking of excluding someone from every object on the system, try stepping back and taking a slightly broader approach. Hopefully the task won't seem so daunting that way.
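The library- and directory-level approach described above, sketched as CL commands. This is an added example, not part of the original answer; the libraries APPLIB and ORDLIB, the file CUSTMAST, the directory /payapp and the group profile GRPTEMP are hypothetical names.

```cl
PGM
  /* All object and profile names here are hypothetical (assumptions). */

  /* 1. Application the group must not use at all: exclude the group   */
  /*    from the library itself. Without authority to the library,     */
  /*    nothing inside it can be reached by name.                      */
  GRTOBJAUT OBJ(QSYS/APPLIB) OBJTYPE(*LIB) USER(GRPTEMP) +
            AUT(*EXCLUDE) REPLACE(*YES)

  /* 2. Same idea for an application that lives in an IFS directory.   */
  CHGAUT OBJ('/payapp') USER(GRPTEMP) DTAAUT(*EXCLUDE) OBJAUT(*NONE)

  /* 3. Library the group does need: leave the library authority as    */
  /*    it is and exclude the group only from the sensitive objects.   */
  GRTOBJAUT OBJ(ORDLIB/CUSTMAST) OBJTYPE(*FILE) USER(GRPTEMP) +
            AUT(*EXCLUDE) REPLACE(*YES)

  /* 4. Print the resulting authorities for review.                    */
  DSPOBJAUT OBJ(QSYS/APPLIB) OBJTYPE(*LIB) OUTPUT(*PRINT)
  DSPOBJAUT OBJ(ORDLIB/CUSTMAST) OBJTYPE(*FILE) OUTPUT(*PRINT)
  DSPAUT OBJ('/payapp') OUTPUT(*PRINT)
ENDPGM
```

A profile with *ALLOBJ special authority is not restricted by *EXCLUDE, so review the special authorities of the user and their groups as well.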