AlanW-GT
Member
We are auditing a client who is running their ERP application on AS/400.
While reviewing the AS/400 user list, we noticed that nearly all of the individuals who were assigned to the *USER class had been granted the special authority of *ALLOBJ; Users provided with this special authority are allowed to access any object on the AS/400 system (IBM strongly recommends not assigning special authorities to individuals in the *USER class).
The client states that the *ALLOBJ special authority is needed for a group profile (QUIZUSER) to run jobs from the custom menu option. The client had previously removed the *ALLOBJ special authority from this group profile and users were not able to run the custom report jobs.
Does anyone have an idea of how the client can have users run custom report jobs without being granted the *ALLOBJ special authority?
Any suggestions would be appreciated.
While reviewing the AS/400 user list, we noticed that nearly all of the individuals who were assigned to the *USER class had been granted the special authority of *ALLOBJ; Users provided with this special authority are allowed to access any object on the AS/400 system (IBM strongly recommends not assigning special authorities to individuals in the *USER class).
The client states that the *ALLOBJ special authority is needed for a group profile (QUIZUSER) to run jobs from the custom menu option. The client had previously removed the *ALLOBJ special authority from this group profile and users were not able to run the custom report jobs.
Does anyone have an idea of how the client can have users run custom report jobs without being granted the *ALLOBJ special authority?
Any suggestions would be appreciated.