
Articles on Apis

APIs by Example

Written by Carsten Flensburg, January 20, 2005 / August 31, 2017

APIs By Example: Profile Authorization Management

In the previous installment of APIs by Example, I presented the
Override Group Profile (OVRGRPPRF) command, which enables a temporary
change of a job’s current group profile. To control when and for how
long the OVRGRPPRF command is available, the command includes an
authorization code parameter; the code itself is to be requested from
a security administrator.

To allow a security administrator to issue an authorization code, the
Add Profile Authorization Code (ADDPRFAUT) command is provided, and
with this week’s version of the OVRGRPPRF command, no user will be
able to run that command without an authorization code.

The new version of the OVRGRPPRF command further addresses two issues
that emerged after publication:

  1. At security level 40 and above, the command’s “hidden” profile
    token parameter would be passed by value the first time the OVRGRPPRF
    command was run in a job, causing the command to fail. (However, any
    further attempts would succeed.) The passing of the profile token
    parameter has been changed and is now performed by means of a
    temporary user space.
  2. In the event that the OVRGRPPRF command was run by a user profile
    that had OWNER(*GRPPRF) specified, the system would not allow a change
    of the effective group profile, so the command would fail.

By temporarily adding the original group profile to the current job’s
array of supplemental groups, it was possible to address this problem
on systems running V5R2 or later. (Thank you Jean-Marie Sauvageot for
reporting these issues.)

Download the save file containing the source code.

Read the entire article

Posted in Security, User profile.
