Troubleshooting
Problem
This document contains considerations for Adopted authority when utilizing user profile *OWNER in a program.
Resolving The Problem
Under normal circumstances, it is fair to assume that when specifying *OWNER for the user profile at either compile time of a CLP or using the CHGPGM command, the authorities for both the user running the program and the object owner will be utilized.
There is a minor caveat, however, when utilizing either the CRTUSRPRF or CHGUSRPRF commands in your CLP.
There is a restriction that has been in existence since release 7 of the System 38 operating system that requires the user running the CLP to have authorization to any associated group profiles being referenced in the command.
A very simple program to help demonstrate this scenario follows:
PGM
CRTUSRPRF USRPRF(GOPHERS) GRPPRF(GAWGRP) +
SUPGRPPRF(GAWGRP1 GAWGRP2)
DLYJOB DLY(600)
WRKACTJOB
ENDPGM
After compiling this program and specifying *owner for the user profile parameter, DSPPGM results in the following information:
Display Program Information
Program . . . . . . . : MSGTEST Library . . . . . . . : GEOFF
Owner . . . . . . . . : V8GEOFFW
Program attribute . . : CLP
Program creation information:
Program creation date/time . . . . . . . . . . . : 12/04/08 11:22:41
Type of program . . . . . . . . . . . . . . . . : OPM
Source file . . . . . . . . . . . . . . . . . . : QCLSRC
Library . . . . . . . . . . . . . . . . . . . : GEOFF
Source member . . . . . . . . . . . . . . . . . : MSGTEST
Source file change date/time . . . . . . . . . . : 12/04/08 11:05:27
Observable information . . . . . . . . . . . . . : *ALL
User profile . . . . . . . . . . . . . . . . . . : *OWNER
Use adopted authority . . . . . . . . . . . . . : *YES
Log commands (CL program) . . . . . . . . . . . : *JOB
Allow RTVCLSRC (CL program) . . . . . . . . . . : *YES
Fix decimal data . . . . . . . . . . . . . . . . : *NO
An assumption now exists that since *OWNER has been specified for the user profile, when this program is run by another user, the owner's (V8GEOFFW) authorities will be utilized as well as the user running the application. However, when this program is run by user GEOFF3, the following error occurs:
Job 235653/GEOFF3/QPADEV000J started on 12/04/08 at 11:42:00 in subsystem
QINTER in QSYS. Job entered system on 12/04/08 at 11:42:00.
> /* */
3 > call geoff/msgtest
Not authorized to object GAWGRP in QSYS.
CPF9802 received by MSGTEST at 200. (C D I R)
? C
Function check. CPF9802 unmonitored by MSGTEST at statement 200,
instruction X'000C'.
Display Message Details
Message ID . . . . . . : CPF9802 Severity . . . . . . . : 40
Date sent . . . . . . : 12/04/08 Time sent . . . . . . : 11:36:04
Message type . . . . . : Escape
From . . . . . . . . . : GEOFF3 CCSID . . . . . . . . : 65535
From program . . . . . . . . . : QSYUP
From library . . . . . . . . : QSYS
Instruction . . . . . . . . : 3748
To program . . . . . . . . . . : MSGTEST
To library . . . . . . . . . : GEOFF
Instruction . . . . . . . . : 000C
Time sent . . . . . . . . . . : 11:36:04.940400
You now find yourself wondering just what in the world is going on? You check the present object authorities for the group profile and find the following:
Edit Object Authority
Object . . . . . . . : GAWGRP Owner . . . . . . . : V8GEOFFW
Library . . . . . : QSYS Primary group . . . : *NONE
Object type . . . . : *USRPRF ASP device . . . . . : *SYSBAS
Object
User Group Authority
*PUBLIC *EXCLUDE
V8GEOFFW *ALL
GAWGRP USER DEF
GEOFF9 USER DEF
Object ----------Object-----------
User Group Authority Opr Mgt Exist Alter Ref
*PUBLIC *EXCLUDE
V8GEOFFW *ALL X X X X X
GAWGRP USER DEF X X
GEOFF9 USER DEF X X
Object ---------------Data---------------
User Group Authority Read Add Update Delete Execute
*PUBLIC *EXCLUDE
V8GEOFFW *ALL X X X X X
GAWGRP USER DEF X X X X X
GEOFF9 USER DEF X X X X
Why didn't this work?
Back to the earlier statement dealing with the restriction on the CRTUSRPRF and CHGUSRPRF commands. If these commands are utilized within your program, you will need to ensure that the user running the program has the proper authority to the group profiles. Assuming that the owner's authorities will satisfy this is an incorrect assumption, due to the restriction.
There is a minor caveat, however, when utilizing either the CRTUSRPRF or CHGUSRPRF commands in your CLP.
There is a restriction that has been in existence since release 7 of the System 38 operating system that requires the user running the CLP to have authorization to any associated group profiles being referenced in the command.
A very simple program to help demonstrate this scenario follows:
PGM
CRTUSRPRF USRPRF(GOPHERS) GRPPRF(GAWGRP) +
SUPGRPPRF(GAWGRP1 GAWGRP2)
DLYJOB DLY(600)
WRKACTJOB
ENDPGM
After compiling this program and specifying *owner for the user profile parameter, DSPPGM results in the following information:
Display Program Information
Program . . . . . . . : MSGTEST Library . . . . . . . : GEOFF
Owner . . . . . . . . : V8GEOFFW
Program attribute . . : CLP
Program creation information:
Program creation date/time . . . . . . . . . . . : 12/04/08 11:22:41
Type of program . . . . . . . . . . . . . . . . : OPM
Source file . . . . . . . . . . . . . . . . . . : QCLSRC
Library . . . . . . . . . . . . . . . . . . . : GEOFF
Source member . . . . . . . . . . . . . . . . . : MSGTEST
Source file change date/time . . . . . . . . . . : 12/04/08 11:05:27
Observable information . . . . . . . . . . . . . : *ALL
User profile . . . . . . . . . . . . . . . . . . : *OWNER
Use adopted authority . . . . . . . . . . . . . : *YES
Log commands (CL program) . . . . . . . . . . . : *JOB
Allow RTVCLSRC (CL program) . . . . . . . . . . : *YES
Fix decimal data . . . . . . . . . . . . . . . . : *NO
An assumption now exists that since *OWNER has been specified for the user profile, when this program is run by another user, the owner's (V8GEOFFW) authorities will be utilized as well as the user running the application. However, when this program is run by user GEOFF3, the following error occurs:
Job 235653/GEOFF3/QPADEV000J started on 12/04/08 at 11:42:00 in subsystem
QINTER in QSYS. Job entered system on 12/04/08 at 11:42:00.
> /* */
3 > call geoff/msgtest
Not authorized to object GAWGRP in QSYS.
CPF9802 received by MSGTEST at 200. (C D I R)
? C
Function check. CPF9802 unmonitored by MSGTEST at statement 200,
instruction X'000C'.
Display Message Details
Message ID . . . . . . : CPF9802 Severity . . . . . . . : 40
Date sent . . . . . . : 12/04/08 Time sent . . . . . . : 11:36:04
Message type . . . . . : Escape
From . . . . . . . . . : GEOFF3 CCSID . . . . . . . . : 65535
From program . . . . . . . . . : QSYUP
From library . . . . . . . . : QSYS
Instruction . . . . . . . . : 3748
To program . . . . . . . . . . : MSGTEST
To library . . . . . . . . . : GEOFF
Instruction . . . . . . . . : 000C
Time sent . . . . . . . . . . : 11:36:04.940400
You now find yourself wondering just what in the world is going on? You check the present object authorities for the group profile and find the following:
Edit Object Authority
Object . . . . . . . : GAWGRP Owner . . . . . . . : V8GEOFFW
Library . . . . . : QSYS Primary group . . . : *NONE
Object type . . . . : *USRPRF ASP device . . . . . : *SYSBAS
Object
User Group Authority
*PUBLIC *EXCLUDE
V8GEOFFW *ALL
GAWGRP USER DEF
GEOFF9 USER DEF
Object ----------Object-----------
User Group Authority Opr Mgt Exist Alter Ref
*PUBLIC *EXCLUDE
V8GEOFFW *ALL X X X X X
GAWGRP USER DEF X X
GEOFF9 USER DEF X X
Object ---------------Data---------------
User Group Authority Read Add Update Delete Execute
*PUBLIC *EXCLUDE
V8GEOFFW *ALL X X X X X
GAWGRP USER DEF X X X X X
GEOFF9 USER DEF X X X X
Why didn't this work?
Back to the earlier statement dealing with the restriction on the CRTUSRPRF and CHGUSRPRF commands. If these commands are utilized within your program, you will need to ensure that the user running the program has the proper authority to the group profiles. Assuming that the owner's authorities will satisfy this is an incorrect assumption, due to the restriction.
[{"Type":"MASTER","Line of Business":{"code":"LOB57","label":"Power"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG60","label":"IBM i"},"Platform":[{"code":"PF012","label":"IBM i"}],"Version":"6.1.0"}]
Historical Number
508148661
Was this topic helpful?
Document Information
Modified date:
17 September 2020
UID
nas8N1013328