Options would be:

Add QSYSOPR to the profile in question as a GRPPRF or SUPGRPPRF. That
would probably be easiest if it's allowed for you.

Grant authority to the PWRDWNSYS command for the user in question:
GRTOBJAUT OBJ(PWRDWNSYS) OBJTYPE(*CMD) USER(userprf) AUT(*USE) As Rob
pointed out, this may also require granting authority to additional
commands.

Create an authorization list to control access to these commands and add
the USRPRF to that.

Create a wrapper command that allows the user to adopt the authority to
run these commands.


Regards,

Scott Ingvaldson
Senior IBM Support Specialist
Fiserv Midwest


-----Original Message-----
From: Pat Barber [mailto:mboceanside@xxxxxxxxxxxxxxxx]
Sent: Tuesday, January 08, 2008 3:27 PM
To: Midrange Systems Technical Discussion
Subject: Re: Security Question

I'm aware of the grant special authority.

So, a person with *sysopr apparently does not have authority to power
down and needs to be granted the special authority ?

I find that odd.

Ingvaldson, Scott wrote:

Is he a member of group QSYSOPR? Being a *SYSOPR only gives a profile
*SAVSYS and *JOBCTL authority, it should NOT give authority to the
PWRDWNSYS command by itself.

You will either need to make QSYSOPR a group and the operator a member
of the group or grant some specific authority to the PWRDWNSYS command.






As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.