Adopt User Authority at Runtime

  • Home
  • /
  • Blog
  • /
  • Adopt User Authority at Runtime

December 14, 2012

Adopt User Authority at Runtime

By NickLitten

December 14, 2012


More questions about adopting authority on IBM i Systems. So lets #discuss 😉

Adopt User Authority at Runtime

Question: I have a batch job which is run by the user but needs to use a file with security denied to the user. Somewhere I heard or read about adopt authority, which would allow the job to use the file if the adopted authority was granted

Answer 1. Happens all the time in packaged software. Change the owner of the program to a profile that would have authority, then use the change program command with adopt authority *yes and usrprf *owner.

CHGOBJOWN OBJ(PROGRAM) OBJTYPE(*PGM) NEWOWN(QSECOFR) CUROWNAUT(*SAME)
CHGPGM PGM(PROGRAM) USRPRF(*OWNER) USEADPAUT(*YES)

Question: While doing some testing I found several system facilities that ignore adopted authority, several areas have work-arounds, but triggers in particular do not. At this point I suspect that adopted authority is only viable in a discrete application. Does anyone know where I can find a list of system supplied programs and functions that ignore adopted authority? Are there any other ways to end adoption other than the specifying USEADPAUT(*NO) on the program or MODINVAU MI instruction? If there are no other ways to end adoption, is possible to find all programs that use MODINVAU? (4/2000)

Answer: To find out programs that use MODINVAU, try this command DSPPGMREF. NOTE: SQL ignores adopted authority unless it uses the DYNUSER value at runtime.

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Join the IBM i Community for FREE Presentations, Lessons, Hints and Tips

>