Adopted authority is stack-based. That is, as long as the program is active, or in the program call stack, the adopted authority is in effect. So if you do something like a SBMJOB out of the program that adopts, the adopted authority will not carry over to the new job because there's a new stack.
Because it's stack-based, the adopted authority flows to subsequent programs that are called. So if you would call the API that puts up the command line, the adopted authority flows out to that command line. So it's best to do whatever it is that needs the additional authority and then returns (doesn't do a lot of extra stuff.)
To control who can perform these saves, you'll probably want to set the program to *PUBLIC *EXCLUDE and only authorize selected users or groups to the program.
Hope this helps.
Dig Deeper on iSeries system and application security
Related Q&A from Carol Woodbury
Before changing password levels and upgrading operating systems on the AS/400, ensure the clients connecting to the NetServer do not need the old ... Continue Reading
Look in the audit journal (QAUDJRN) on the AS/400 for an authority failure message with the name of the library as the object name. Use the ... Continue Reading
The UPPWEI field corresponds to the password expiration interval field, and its values "0" and "-1" represent the *SYSVAL and *NOXMAX commands. Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.