If the QMAXSIGN and QMAXSGNACN system values on your
system are set up to disable a user profile after too many password verification
attempts, you might need to enable the profile by changing the profile status
to *ENABLED.
To enable a user profile, you must have *SECADM special authority,
*OBJMGT authority, and *USE authority to the user profile. Normally, a system
operator does not have *SECADM special authority. A solution is to use a simple
program which adopts authority:
- Create a CL program owned by a user who has *SECADM special authority,
*OBJMGT authority, and *USE authority to the user profiles on the system.
Adopt the authority of the owner when the program is created by specifying
USRPRF(*OWNER).
- Use the EDTOBJAUT command to make the public
authority to the program *EXCLUDE and give the system operators *USE authority.
- The operator enables the profile by entering
CALL ENABLEPGM
profile-name.
- The main part of the ENABLEPGM program looks like this:
PGM &PROFILE
DCL VAR(&PROFILE) TYPE(*CHAR) LEN(10)
CHGUSRPRF USRPRF(&PROFILE) STATUS(*ENABLED)
ENDPGM