About cookies on this site Our websites require some cookies to function properly (required). In addition, other cookies may be used with your consent to analyze site usage, improve the user experience and for advertising. For more information, please review your options. By visiting our website, you agree to our processing of information as described in IBM’sprivacy statement. To provide a smooth navigation, your cookie preferences will be shared across the IBM web domains listed here.
Troubleshooting
Problem
This document explains how to restrict users from the System Request menu.
Resolving The Problem
How can I restrict users from the System Request menu?
To prevent users from accessing the System Request menu, restrict authority to the panel group QGMNSYSR.
To prevent specific users from seeing the System Request Menu, specify *EXCLUDE authority for those users. On any operating system command line, type the following:
To prevent most users from seeing the System Request Menu, you can also revoke public authority and grant *USE authority to specific users. On the operating system command line, type:
To prevent users from selecting specific options from the System Request Menu, restrict the authority to the associated commands. The following shows the commands associated with the menu options.
Notes:
For example, to prevent users from transferring to an alternative interactive job, revoke public authority to the Transfer to Secondary Job interactive job, revoke public authority to the Transfer to Secondary Job (TFRSECJOB) command, and grant authority only to specific users:
If a user selects an option for which the user does not have authority, a message is displayed. If you want to prevent users from general use of the commands from the System Request menu but still want them to be able to run a command at a specific time (such as sign-off), create a CL program that adopts the authority of an authorized user and runs the command.
To prevent users from accessing the System Request menu, restrict authority to the panel group QGMNSYSR.
To prevent specific users from seeing the System Request Menu, specify *EXCLUDE authority for those users. On any operating system command line, type the following:
GRTOBJAUT OBJ(QSYS/QGMNSYSR) OBJTYPE(*PNLGRP) USER(USERA) AUT(*EXCLUDE)To prevent most users from seeing the System Request Menu, you can also revoke public authority and grant *USE authority to specific users. On the operating system command line, type:
RVKOBJAUT OBJ(QSYS/QGMNSYSR) OBJTYPE(*PNLGRP) USER(*PUBLIC) AUT(*ALL) GRTOBJAUT +
OBJ(QSYS/QGMNSYSR) OBJTYPE(*PNLGRP) USER(USERA) AUT(*USE)To prevent users from selecting specific options from the System Request Menu, restrict the authority to the associated commands. The following shows the commands associated with the menu options.
|
Option
|
Command |
|
1
|
Transfer Secondary Job (TFRSECJOB) |
|
2
|
End Request (ENDRQS) |
|
3
|
Display Job (DSPJOB) |
|
4
|
Display Message (DSPMSG) |
|
5
|
Send Message (SNDMSG) |
|
6
|
Display Message (DSPMSG) |
|
7
|
Display Work Station User (DSPWSUSR) |
|
10
|
See Note 1. |
|
11
|
See Note 1. |
|
12
|
Display 3270 emulation options (See Note 2.) |
|
80
|
Disconnect Job (DSCJOB) |
|
90
|
Sign-Off (SIGNOFF) |
Notes:
| 1. | Options 10 and 11 are displayed only if display station pass-through has been started with the Start Pass-Through (STRPASTHR) command. Option 10 is displayed only on the target system. |
| 2. | Option 12 is displayed only when 3270 emulation is active. |
| 3. | Some of the options have restrictions for the IBM System/36 environment. See the System/36 Migration Planning manual for more information about these restrictions. |
RVKOBJAUT OBJ(TFRSECJOB) OBJTYPE(*CMD) USER(*PUBLIC) AUT(*ALL)GRTOBJAUT OBJ(TFRSECJOB) OBJTYPE(*CMD) USER(USERA) AUT(*USE)If a user selects an option for which the user does not have authority, a message is displayed. If you want to prevent users from general use of the commands from the System Request menu but still want them to be able to run a command at a specific time (such as sign-off), create a CL program that adopts the authority of an authorized user and runs the command.
[{"Type":"MASTER","Line of Business":{"code":"LOB68","label":"Power HW"},"Business Unit":{"code":"BU070","label":"IBM Infrastructure"},"Product":{"code":"SWG60","label":"IBM i"},"ARM Category":[{"code":"a8m0z0000000CHyAAM","label":"Security"}],"ARM Case Number":"","Platform":[{"code":"PF012","label":"IBM i"}],"Version":"All Versions"}]
Historical Number
4320036
Was this topic helpful?
Document Information
More support for:
IBM i
Component:
Security
Software version:
All Versions
Operating system(s):
IBM i
Document number:
637129
Modified date:
07 October 2024
UID
nas8N1014682
Manage My Notification Subscriptions
