Planning security for system programmers or managers

You can limit the authority given to system programmers or managers to protect the files on your system.

Most systems have someone responsible for housekeeping functions. This person monitors the use of system resources, particularly disk storage, to make sure that users regularly remove unused objects to free space. System programmers need broad authority to observe all the objects on the system. However, they do not need to view the contents of those objects.

You can use adopted authority to provide a set of display commands for system programmers, rather than giving special authorities in their user profiles.

For example, you might want Sue and Fred to be the two people who can create and change user profiles without giving them special authorities. You can achieve this by doing the following steps.
  1. Write a command or program that is a front end to the CRT/CHGUSRPRF command.
  2. Have the command or program adopt a profile that can do the creates and changes.
  3. Authorize Sue and Fred to the program.
Then Sue and Fred can only do the task through the application.