Q
Problem solve Get help with specific problems with your technologies, process and projects.

Understanding the user class of a profile

Security expert Carol Woodbury tries to clarify user's confusion on the user class of a profile.

If a user has the QSECOFR class assigned to them but has the special authority *SECADM removed, does the user still have *SECADM abilities because they are assigned to the QSECOFR class?

A lot of confusion surrounds the User class of a profile. I don't know how this idea started, but many people are under the impression that the User class carries more meaning than it does. OS/400 only uses User class for three things on the system 1- to default the special authorities given to the profile when the profile is created, 2- to determine what OS/400 menu options the user sees and 3- to determine how to adjust the special authorities for users when moving from security level 20 to levels 30, 40 or 50 (at security level 20, all profiles, by default, are given *ALLOBJ and *SAVSYS, so OS/400 removes these based on the User class when the system level changes.)

A user can be in the *SECOFR user class and have no special authorities or the user can be in the *USER user class and have all of the special authorities. It really doesn't matter. OS/400 never checks the User class when it is looking to see if a user has sufficient authority to access an object or is looking to see if a user has a specific special authority.

That said, let's look at your question. You ask if a user is assigned to the "QSECOFR class" whether they still have *SECADM capabilities because they are in this class. First a bit of clarification -- there is no "QSECOFR class" so I'm guessing that you mean the *SECOFR User class. Next, as I explained above, OS/400 is going to look to see if the user has *SECADM special authority -- it is not going to look at the user profile's User class. So despite the fact that the user is in the *SECOFR User class, the user does not have *SECADM capabilities.

This was last published in July 2005

Dig Deeper on iSeries system documentation and support

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchDataCenter

  • How do I size a UPS unit?

    Your data center UPS sizing needs are dependent on a variety of factors. Develop configurations and determine the estimated UPS ...

  • How to enhance FTP server security

    If you still use FTP servers in your organization, use IP address whitelists, login restrictions and data encryption -- and just ...

  • 3 ways to approach cloud bursting

    With different cloud bursting techniques and tools from Amazon, Zerto, VMware and Oracle, admins can bolster cloud connections ...

Close