Limit capabilities

You can use the Limit capabilities field to limit the user’s ability to enter commands and to override the initial program, initial menu, current library, and attention-key-handling program specified in the user profile. This field is a tool for preventing users from experimenting on the system.

Add User prompt:
Restrict command line use
CL parameter:

A user with limited capabilities can only run commands that are defined as being allowed to be used by limited users. The following commands are shipped by IBM with ALWLMTUSR(*YES):

  • Sign off (SIGNOFF)
  • Send message (SNDMSG)
  • Display messages (DSPMSG)
  • Display job (DSPJOB)
  • Display job log (DSPJOBLOG)
  • Start PC Organizer (STRPCO)
  • Work with Messages (WRKMSG)

The Limit capabilities field in the user profile and the ALWLMTUSR parameter on commands apply only to commands that are run from the command line, the Command Entry display, FTP, REXEC, using the QCAPCMD API, or an option from a command grouping menu. Users are not restricted to perform the following actions:

  • Run commands in CL programs that are running a command as a result of taking an option from a menu
  • Run remote commands through applications

You can allow the limited capability user to run additional commands, or remove some of these commands from the list, by changing the ALWLMTUSR parameter for a command. Use the Change Command (CHGCMD) command. If you create your own commands, you can specify the ALWLMTUSR parameter on the Create Command (CRTCMD) command.

Possible values: Table 1 shows the possible values for the Limit capabilities field and what functions are allowed for each value.

Table 1. Functions allowed for limit capabilities values
Function *YES *PARTIAL *NO
Change initial program No No Yes
Change initial menu No Yes Yes
Change current library No No Yes
Change attention program No No Yes
Enter commands A few1 Yes Yes
These commands are allowed by default: SIGNOFF, SNDMSG, DSPMSG, DSPJOB, DSPJOBLOG, STRPCO, WRKMSG. The user cannot use F9 to display a command line from any menu or display.

Recommendations: Using an initial menu, restricting command line use, and providing access to the menu allow you to set up an environment for a user who does not need or want to access system functions.