IBM Support

Restricting Users From Using the Command Line



This document includes information on restricting users from being able to type commands on the command line.

Resolving The Problem

To limit users from using the command line, do the following for each user profile:

1. Issue the CHGUSRPRF command (<F4>) to prompt the command, then select <F10> for additional parameters.
2. Change the Limit Capabilities to *YES. This will prevent users from using the command line.

Users will still be authorized to some commands; however, they will only be able to use those commands from a menu. Every command has an "Allow Limited User" parameter. By default, this is set to *NO. The following commands are an exception and are shipped with *YES. These commands are SIGNOFF, SNDMSG, DSPMSG, DSPJOB, DSPJOBLOG, STRPCO, and WRKMSG. To view what the 'Allow Limited User parameter is set to for a specific command, use the DSPCMD command and enter the command in question.

Note: The limited capabilities apply only to the i5 OS command line. If limited capabilities for the user profile is set to *YES and Allow Limited User is set to *NO for the command, but the user is still able to run the command, they may be using a third-party command line. You should try CALL QCMD to get to the i5 OS command line and issue the command again.

[{"Type":"MASTER","Line of Business":{"code":"LOB57","label":"Power"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG60","label":"IBM i"},"Platform":[{"code":"PF012","label":"IBM i"}],"Version":"7.1.0"}]

Historical Number


Document Information

Modified date:
11 November 2019