Special authorities

Several special authorities can be specified for a user. When you create a user profile, you can select special authorities based on the user class.

The system security level determines what the default special authorities are for each user class. Special authorities are also added and removed from user profiles when you change security levels.

You can specify these special authorities for a user:

*ALLOBJ
All-object special authority allows a user authority to perform all operations on objects.
*AUDIT
Audit special authority allows a user to define the auditing characteristics of the system, objects, and system users.
*IOSYSCFG
System configuration special authority allows a user to configure communication, and input and output devices on the system.
*JOBCTL
Job control special authority allows a user to control batch jobs and printing on the system.
*SAVSYS
Save system special authority allows a user to save and restore objects.
*SECADM
Security administrator special authority allows a user to work with user profiles on the system.
*SERVICE
Service special authority allows a user to perform software service functions on the system.
*SPLCTL
Spool control special authority allows unrestricted control of batch jobs and output queues on the system.

For more information about special authorities, see Using System Security (QSecurity) System Value in the IBM i Security Reference.