Limit capabilities

Add User prompt:

Restrict command line use

CL parameter:

LMTCPB

Length:

10

A user with limited capabilities can only run commands that are defined as being allowed to be used by limited users. The following commands are shipped by IBM with ALWLMTUSR(*YES):

• Sign off (SIGNOFF)
• Send message (SNDMSG)
• Display messages (DSPMSG)
• Display job (DSPJOB)
• Display job log (DSPJOBLOG)
• Start PC Organizer (STRPCO)
• Work with Messages (WRKMSG)

The Limit capabilities field in the user profile and the ALWLMTUSR parameter on commands apply only to commands that are run from the command line, the Command Entry display, FTP, REXEC, using the QCAPCMD API, or an option from a command grouping menu. Users are not restricted to perform the following actions:

• Run commands in CL programs that are running a command as a result of taking an option from a menu
• Run remote commands through applications

You can allow the limited capability user to run additional commands, or remove some of these commands from the list, by changing the ALWLMTUSR parameter for a command. Use the Change Command (CHGCMD) command. If you create your own commands, you can specify the ALWLMTUSR parameter on the Create Command (CRTCMD) command.

Possible values: Table 1 shows the possible values for the Limit capabilities field and what functions are allowed for each value.

Recommendations: Using an initial menu, restricting command line use, and providing access to the menu allow you to set up an environment for a user who does not need or want to access system functions.