Is there a way to prevent a user with *ALLOBJ special authority from accessing specific files/programs until I can get the *ALLOBJ authority away from them?
A user with *ALLOBJ special authority has access to all objects on the system, no matter how the authority for the objects is set. You can, however, take a different approach to take away access to the files. First, create a group profile with *ALLOBJ special authority using the CRTUSRPRF command. Make the user a member of this group with the CHGUSRPRF command. Also, take away the user's *ALLOBJ special authority. Use EDTOBJAUT for the individual files/programs and exclude the user from them.
Now, the user will not have access to the files/programs, but will have access to everything else on the system. OS/400 checks the individual user's authority to an object before it checks the group profile's special authority.
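The steps above as a CL command sequence. This is an added example, not part of the original answer. The profile name JSMITH, the group name GRPALLOBJ, the objects in PAYLIB and the retained special authorities are constructed placeholders, and GRTOBJAUT is used in place of the interactive EDTOBJAUT so the exclusion can be scripted.

```cl
/* Record the user's current special authorities and group first.    */
/* SPCAUT on CHGUSRPRF replaces the whole list, so anything the user */
/* should keep has to be named again in step 2.                      */
DSPUSRPRF USRPRF(JSMITH) TYPE(*BASIC)

/* 1. Group profile that carries *ALLOBJ. PASSWORD(*NONE) keeps      */
/*    anyone from signing on as the group profile itself.            */
CRTUSRPRF USRPRF(GRPALLOBJ) PASSWORD(*NONE) SPCAUT(*ALLOBJ) +
          TEXT('Holds *ALLOBJ for members - temporary')

/* 2. Make the user a member of the group and drop *ALLOBJ from the  */
/*    individual profile. *JOBCTL and *SPLCTL stand in for whatever  */
/*    other special authorities DSPUSRPRF showed (assumption).       */
CHGUSRPRF USRPRF(JSMITH) GRPPRF(GRPALLOBJ) SPCAUT(*JOBCTL *SPLCTL)

/* 3. Private *EXCLUDE authority on each object to be protected.     */
/*    The user's own authority to the object is checked before the   */
/*    group's *ALLOBJ, so the exclusion takes effect.                */
GRTOBJAUT OBJ(PAYLIB/PAYMAST) OBJTYPE(*FILE) USER(JSMITH) AUT(*EXCLUDE)
GRTOBJAUT OBJ(PAYLIB/PAYCALC) OBJTYPE(*PGM)  USER(JSMITH) AUT(*EXCLUDE)

/* 4. Verify: JSMITH should be listed with *EXCLUDE on each object,  */
/*    and the profile should no longer show *ALLOBJ of its own.      */
DSPOBJAUT OBJ(PAYLIB/PAYMAST) OBJTYPE(*FILE)
DSPOBJAUT OBJ(PAYLIB/PAYCALC) OBJTYPE(*PGM)
DSPUSRPRF USRPRF(JSMITH) TYPE(*BASIC)
```

Run the sequence from a profile with *SECADM special authority, and remove the user from the group once the *ALLOBJ access is no longer needed.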