Re: Allowing power users to re-enable users

["Jim Franz" <franz400@xxxxxxxxxxxx>]

>Now, we just have to trust the people that have authority to do this.
1. don't give them any command in this adopted pgm that presents or can exit
to a command line.
2. turn on the security audit journal and audit all security changes.
jim

----- Original Message -----
From: "Wills, Mike N. (TC)" <MNWills@xxxxxxxxxxxxxx>
To: "'Midrange Systems Technical Discussion'" <midrange-l@xxxxxxxxxxxx>
Sent: Thursday, June 26, 2003 12:28 PM
Subject: RE: Allowing power users to re-enable users


> Thanks, this worked. I knew how to make the CL, it was the authority that
we
> had the problems with. This will completely take care of it now. Now, we
> just have to trust the people that have authority to do this.
>
> -----Original Message-----
> From: Raul A Jager
>
> You can write a CL program that receives one parameter, the user
> profile, and calls  CHGUSRPRF to change that user's password.  You need
> to set the adopted autority to *owner, and make the owner QSECOFR or
> some other profile with enough authority.  Then you can set the
> permisions to the program as public *exclude, and list the people the
> are allowede to use it.
>
> It may be a good idea to also generate a log.
>
> Raul
> _______________________________________________
> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
> To post a message email: MIDRANGE-L@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/midrange-l
> or email: MIDRANGE-L-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/midrange-l.
>
>