|
I'll throw in my 2¢. When consolidating multiple applications on a single system I have had to deal with persons used to having *ALLOBJ authority. What I have done is given all of the application objects a single owner, then you can give an application admin "virtual *ALLOBJ" by making them a member of the owner profile. They have all authority to their own objects, while you can still keep them out of system objects or other applications. If set up correctly they can even administer their own user profiles without seeing any that don't belong to them. Regards, Scott Ingvaldson iSeries System Administrator GuideOne Insurance Group -----Original Message----- date: Tue, 22 Jun 2004 15:37:39 -0400 from: "Buck Calabro" <buck.calabro@xxxxxxxxxxxx> subject: Re: Locking out USRPRF with *ALLOBJ > Is there a way to lock a USRPRF that has > ALLOBJ authority out of a specific > library and/or command? As you've undoubtedly been told, you can't give someone the master key to the building and then have a particular lock which doesn't allow use of the master key. For whatever reason, computer OS folks have not adopted this particular real-world model. A workaround is to create a different user profile which is explicitly authorised to all the objects in the system (not via *ALLOBJ) - perhaps an *AUTL. Revoke that user from the command you want to secure. I don't think there is an easy, one-step method to do this. As a footnote, no one should ever use a *ALLOBJ profile for any daily work whatsoever. All too often, that person creates object which lesser profiles can not access, and it gradually becomes easier to give everyone *ALLOBJ than to change the authority on the mis-authorised objects. If one goes that route, one may as well not bother with authority. --buck This message and accompanying documents are covered by the Electronic Communications Privacy Act, 18 U.S.C. §§ 2510-2521, and contains information intended for the specified individual(s) only. This information is confidential. If you are not the intended recipient or an agent responsible for delivering it to the intended recipient, you are hereby notified that you have received this document in error and that any review, dissemination, copying, or the taking of any action based on the contents of this information is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail, and delete the original message.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.