How is authorization given to users to execute the sensitive commands listed below, and how do I identify users who have that capability?
- Change Database File (using DFU) CHGUSRPRF
- Change User Profile CRTAUTL
- Create Authorization List CRTUSRPRF
- Create User Profile EDTAUTL
- Edit Authorization List STRDFU
- Start DFU UPDDTA
- Update Data (Using DFU)
Users will have permission to run commands based on their authority to the command. They or their group can be given an individual or private authority to the command. Or they may have sufficient authority to run the command based on the *PUBLIC authority to the command. *PUBLIC authority is the default access that everyone has to the command if they haven't been given a private authority. Permissions to commands can be granted by running the Edit Object Authority (EDTOBJAUT), Grant Object Authority (GRTOBJAUT), Work with Authority (WRKAUT) or Change Authority (CHGAUT) command. To find out the permissions on the commands listed, run the Display Object Authority command. For example, DSPOBJAUT CHGUSRPRF *CMD will display the users authorized to the Change User Profile command.
Dig Deeper on Systems Management Tools
Before changing password levels and upgrading operating systems on the AS/400, ensure the clients connecting to the NetServer do not need the old ...
Look in the audit journal (QAUDJRN) on the AS/400 for an authority failure message with the name of the library as the object name. Use the ...
When error messages arise concerning attempts to use a permanent system object without authority, find the source of the issue by looking for an AF ...