Special authorities
Several special authorities can be specified for a user. When you create a user profile, you can select special authorities based on the user class.
The system security level determines what the default special authorities are for each user class. Special authorities are also added and removed from user profiles when you change security levels.
You can specify these special authorities for a user:
- *ALLOBJ
- All-object special authority allows a user authority to perform all operations on objects.
- *AUDIT
- Audit special authority allows a user to define the auditing characteristics of the system, objects, and system users.
- *IOSYSCFG
- System configuration special authority allows a user to configure communication, and input and output devices on the system.
- *JOBCTL
- Job control special authority allows a user to control batch jobs and printing on the system.
- *SAVSYS
- Save system special authority allows a user to save and restore objects.
- *SECADM
- Security administrator special authority allows a user to work with user profiles on the system.
- *SERVICE
- Service special authority allows a user to perform software service functions on the system.
- *SPLCTL
- Spool control special authority allows unrestricted control of batch jobs and output queues on the system.
For more information about special authorities, see Using
System Security (QSecurity) System Value
in the IBM i Security
Reference.