Manage Learn to apply best practices and optimize your operations.

Provide authorization in order for a user to start a subsystem within startup routine

Look in the audit journal (QAUDJRN) on the AS/400 for an authority failure message with the name of the library as the object name. Use the information provided by the DSPAUDJRNE command to solve the problem.

We are trying to start a subsystem in our startup routine and are receiving a message in sysop messages: Not authorized to library (library name).

The user that signed on following IPL has *SECOFR user class and special authorities equal to QSECOFR. Why doesn't he have authorization to this user library, and how do I provide authorization?

i5/OS does not look at the user class when checking whether the process has sufficient authority to an object. From the way you explained the situation, it sounds like the user does have *ALLOBJ special authority.

To determine the cause of the issue, look in the audit journal (QAUDJRN) for an authority failure (AF) message where the object name is the name of the library. There may be enough information provided by running the DSPAUDJRNE command to solve the problem.

It is possible that the failure is for a profile that you are not expecting to be running the process. If DSPAUDJRNE does not provide enough information, send the contents of the audit journal to an outfile and query it by using the CPYAUDJRNE command.

Dig Deeper on iSeries system and application security

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.