Resolving The Problem

To limit users from using the command line, do the following for each user profile:

1. Issue the CHGUSRPRF command (<F4>) to prompt the command, then select <F10> for additional parameters.
2. Change the Limit Capabilities to *YES. This will prevent users from using the command line.

Users will still be authorized to some commands; however, they will only be able to use those commands from a menu. Every command has an "Allow Limited User" parameter. By default, this is set to *NO. The following commands are an exception and are shipped with *YES. These commands are SIGNOFF, SNDMSG, DSPMSG, DSPJOB, DSPJOBLOG, STRPCO, and WRKMSG. To view what the 'Allow Limited User parameter is set to for a specific command, use the DSPCMD command and enter the command in question.

Note: The limited capabilities apply only to the i5 OS command line. If limited capabilities for the user profile is set to *YES and Allow Limited User is set to *NO for the command, but the user is still able to run the command, they may be using a third-party command line. You should try CALL QCMD to get to the i5 OS command line and issue the command again.