You can use the Limit capabilities field to limit the user’s ability to enter commands and to override the initial program, initial menu, current library, and attention-key-handling program specified in the user profile. This field is a tool for preventing users from experimenting on the system.
- Add User prompt:
- Restrict command line use
- CL parameter:
A user with limited capabilities can only run commands that are defined as being allowed to be used by limited users. The following commands are shipped by IBM with ALWLMTUSR(*YES):
- Sign off (SIGNOFF)
- Send message (SNDMSG)
- Display messages (DSPMSG)
- Display job (DSPJOB)
- Display job log (DSPJOBLOG)
- Start PC Organizer (STRPCO)
- Work with Messages (WRKMSG)
The Limit capabilities field in the user profile and the ALWLMTUSR parameter on commands apply only to commands that are run from the command line, the Command Entry display, FTP, REXEC, using the QCAPCMD API, or an option from a command grouping menu. Users are not restricted to perform the following actions:
- Run commands in CL programs that are running a command as a result of taking an option from a menu
- Run remote commands through applications
You can allow the limited capability user to run additional commands, or remove some of these commands from the list, by changing the ALWLMTUSR parameter for a command. Use the Change Command (CHGCMD) command. If you create your own commands, you can specify the ALWLMTUSR parameter on the Create Command (CRTCMD) command.
Possible values: Table 1 shows the possible values for the Limit capabilities field and what functions are allowed for each value.
|Change initial program||No||No||Yes|
|Change initial menu||No||Yes||Yes|
|Change current library||No||No||Yes|
|Change attention program||No||No||Yes|
|Enter commands||A few1||Yes||Yes|
Recommendations: Using an initial menu, restricting command line use, and providing access to the menu allow you to set up an environment for a user who does not need or want to access system functions.