I know that there is a Domino command DSPDOMCSL (Display Domino Console) for operators to enquiry Domino server status. Under this command, by pressing F21, the operator can enter a command line. You may refer the section 4.6 from Lotus Domino for AS400 R5 - Implementation (an IBM Redbook).
I wonder if a user invokes a menu, which adopted QSECOFR authority, and call this command, he can perform QSECOFR tasks. Would you please advise whether it is possible or not and the reason?
If this menu adopts QSECOFR authority and the user is allowed to access a command line from that program, then yes... The user will be able to execute commands using QSECOFR authority. This is why you don't allow a user access to a command line when a menu program adopts a high level of authority.
However, a program attribute can be set that does not allow adopted authority to be used: USEADPAUT
Use adopted authority - Help
The value specified for the USEADPAUT option on the command used to change the program. This parameter specifies whether program adopted authority from previous call levels is used (*YES) or not used (*NO) when this program is running.
I'm unfamiliar with the Display Domino Console command and I don't have it on my system to check. But if F21 called a program that didn't use adopted authority and this program then displayed the command line, you wouldn't have any concerns. My guess is that this isn't how it was implemented though. Try executing a command that only QSECOFR has authority to from the F21 command line to test this out.
Another way to give a user a command line from a program that adopts authority is to present it via the attention key program. By default attention key programs do not adopt the authority of the calling program.
I hope this answers your question.
MORE INFORMATION ON THIS TOPIC
The Best Web Links: tips, tutorials and more.
Ask your OS/400 questions--or help out your peers by answering them--in our live OS/400 discussion forums.
Dig Deeper on Past Releases
Related Q&A from Ken Graap
The BRMS Network feature allows a BRMS system to connect to other BRMS systems via a network, and enables a user to consolidate media such as backup ... Continue Reading
The only option to correct damage preventing file journaling is to use the RCLSTG command. Continue Reading
IBM's iSeries Backup and Recovery manual answers many questions related to system backup and disaster recovery. Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.