Security Administrator. *SECADM special authority provides the ability to maintain user profiles. When creating or changing profiles, a user with *SECADM cannot assign special authorities that they do not possess. It’s like having a head cold: you can’t give it to someone else if you don’t have it. There’s one caveat: only a user who has both *ALLOBJ and *SECADM can assign *SECADM to another profile.
*SECADM does not provide the ability to change user profiles that the user does not have authority to. For instance, a user with *SECADM typically will not be able to change the QSECOFR password, unless they also have *ALLOBJ special authority.
A user with *SECADM can create and change user profiles at will. You need to ensure that the user understands your system security policies regarding user profiles. As a further step, you will want to audit user profile creation and changes to verify compliance.
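As a starting point for that audit, the following query is an added example (not part of the original article) that lists every profile holding *SECADM and flags those that also hold *ALLOBJ, which are the profiles able to hand *SECADM to others. It assumes an IBM i release that provides the QSYS2.USER_INFO service, and it considers only the primary group profile, not supplemental groups.

```sql
-- Added example: inventory of profiles that can maintain user profiles.
-- Assumption: run by a user authorized to see the profiles being listed.
WITH auth AS (
  SELECT u.AUTHORIZATION_NAME AS profile,
         u.STATUS             AS profile_status,
         u.GROUP_PROFILE_NAME AS primary_group,
         -- Special authorities held by the primary group profile also
         -- apply to its members, so combine both lists before testing.
         COALESCE(u.SPECIAL_AUTHORITIES, '') || ' ' ||
         COALESCE(g.SPECIAL_AUTHORITIES, '') AS effective_spcaut
    FROM QSYS2.USER_INFO u
    LEFT JOIN QSYS2.USER_INFO g
           ON g.AUTHORIZATION_NAME = u.GROUP_PROFILE_NAME
)
SELECT profile,
       profile_status,
       primary_group,
       -- *SECADM together with *ALLOBJ: may assign *SECADM to another
       -- profile and may change profiles such as QSECOFR.
       CASE WHEN effective_spcaut LIKE '%*ALLOBJ%'
            THEN 'YES' ELSE 'NO'
       END AS can_assign_secadm,
       effective_spcaut
  FROM auth
 WHERE effective_spcaut LIKE '%*SECADM%'
 ORDER BY can_assign_secadm DESC, profile;
```

Compare the result with the list of people your security policy says should be maintaining profiles; any row marked YES deserves the closest review.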