The Grant Object Authority (GRTOBJAUT) command or the Edit Object Authority command can be used to grant these object authorities.
Example:
The STARTDSP user profile starts the Dispatcher (YOBSYTCPDP or YOBSYTCP) on the System i, which does not have *ALLOBJ authority but has *SECADM authority. The CONNECTUSR user profile is the connecting client user profile.
GRTOBJAUT OBJ(QSYS/CONNECTUSR) OBJTYPE(*USRPRF) USER(STARTDSP) AUT(*OBJOPR *READ *EXECUTE)
Note: AUT(*OBJOPR *READ *EXECUTE) is equivalent to *USE authority when using the 'Edit Object Authority' (EDTOBJAUT) command.
In the previous example, the CONNECTUSR user profile will not be to able reset its own expired password because the STARTDSP user profile does not have Object Management (*OBJMGT) authority to the CONNECTUSR user profile.
In the next example, the CONNECTUSR user profile will be able to reset its own expired password because the STARTDSP user profile does have Object Management (*OBJMGT) authority to the CONNECTUSR user profile.
GRTOBJAUT OBJ(QSYS/CONNECTUSR) OBJTYPE(*USRPRF) USER(STARTDSP) AUT(*OBJMGT *OBJOPR *READ *EXECUTE)
|
Copyright © 2014 CA.
All rights reserved.
|
|