Problem solve Get help with specific problems with your technologies, process and projects.

Restrict the use of *ALLOBJ for a user, who needs *ALLOBJ for most objects in the system

This tip shows you how to create a groups profile with *ALLOBJ.

Create a groups profile with *ALLOBJ authority and status DISABLED. Put the user (i.e. the system operator who has USERCLASS *SYSOPR), that should have full object control in that groups profile, but give that user NOT the *ALLOBJ special authority. Now you can exclude that userID for the objects you don't want him to access (for instance the commands STRDFU, UPDDTA and STRSQL). The accessibility for all other objects in the system stays open, because his owning Groups profile has *ALLOBJ authority.

This was last published in July 2001

Dig Deeper on Performance

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.