User profile and group profile security - IBM - AS/400

An OS/400 user profile must be set up for every iSeries user. This allows the user access to the iSeries (running at security level 20 or above). The profile also holds authority information and a default class, that is, *PGMR, *USER, or *SECADM. These classes give special authority to certain areas of security, namely spool control, job control, and access to all objects existing on the OS/400. When a user creates a program or file object, the user has owner authority to that object, that is, full object rights. Apart from the owner, only profiles with all object authority have full authority to these objects. All other profiles have to be authorized using either the GRTOBJAUT command or the EDTOBJAUT command.

A group profile can be set up that has special authority or specific authority to certain objects. A user profile can then be set up that references a group profile.

The group profile is created using the CRTUSRPRF CL command, and an option on this command allows a user profile to refer to a group profile. For example, several employees working in the payroll department may need access to certain critical files. You could give access to each object in each user profile. Alternatively, you could create a group profile that gives access to these objects and change the user profiles to refer to the group profile.
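The payroll scenario above as a CL sketch. This is an added example, not taken from the original page; the names PAYGRP, PAYLIB, PAYMAST, JSMITH and MJONES are assumptions chosen for illustration.

```cl
/* Added example. PAYGRP, PAYLIB/PAYMAST, JSMITH and MJONES are       */
/* assumed names, not taken from the page.                            */

/* 1. Create the group profile. PASSWORD(*NONE) means nobody can      */
/*    sign on as the group itself; it only carries authority.         */
CRTUSRPRF  USRPRF(PAYGRP) PASSWORD(*NONE) USRCLS(*USER) +
             TEXT('Payroll department group profile')

/* 2. Change the existing user profiles to refer to the group.        */
CHGUSRPRF  USRPRF(JSMITH) GRPPRF(PAYGRP)
CHGUSRPRF  USRPRF(MJONES) GRPPRF(PAYGRP)

/* 3. Authorize the group to the critical file once, instead of       */
/*    granting the same authority to every payroll user.              */
GRTOBJAUT  OBJ(PAYLIB/PAYMAST) OBJTYPE(*FILE) +
             USER(PAYGRP) AUT(*CHANGE)

/* 4. Exclude everyone who is not otherwise authorized.               */
GRTOBJAUT  OBJ(PAYLIB/PAYMAST) OBJTYPE(*FILE) +
             USER(*PUBLIC) AUT(*EXCLUDE)

/* 5. Review the result: who is in the group, and who holds           */
/*    authority to the file.                                          */
DSPUSRPRF  USRPRF(PAYGRP) TYPE(*GRPMBR)
DSPOBJAUT  OBJ(PAYLIB/PAYMAST) OBJTYPE(*FILE)
```

A user's own private authority to an object is checked before the group's, so an older per-user grant can mask the group setting. The DSPOBJAUT output in step 5 lists both, which makes leftover individual grants easy to spot.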

