Michael Smith wrote on 04/13/2006 02:11:20 PM:

> I have a program(PGMA) that is owned by QSECOFR and is user is set to
> *OWNER.  This program performs a CRTUSRPRF.  The profile being created
> is using a supplemental group that is owned by QSECOFR
>
> However when I run the program, I'm told I don't have authority to the
> supplemental group.
>
> This is done when a group of programs to process new users.  I thought
> maybe somewhere in the call stack there was a problem, so I created a
> test program to do the same thing.  Same results.
>
> IF the program is adopting QSECOFR, shouldn't it have authority to this.

Adopted authority is not used in some situations. This is one of them.
According to the information for CRTUSRPRF found in Appendix D of the
Security Reference manual a user must have *OBJMGT, *OBJOPR, *READ, *ADD,
*UPD, plus *DLT authority to the user profile specified on the GRPPRF and
SUPGRPPRF parameters. But there is a footnote and it says "*OBJMGT
authority to the group profile cannot come from adopted authority".

Ed Fishel,
edfishel@xxxxxxxxxx


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.