BeatrixKiddo
ISP
Is there anyone with experience on AS/400, especificaly an aplication called DBS?
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Dealers Business System on AS/400
- Thread starter BeatrixKiddo
- Start date
- Status
- Thread starter
- #3
BeatrixKiddo
ISP
What kind of report should I ask for or where do I need to look to know which users at OS level has superuser administrative rights?
jmd0252
Programmer
- May 15, 2003
- 667
- 0
- 0
my guess would be that the software users the IBM security, but could also be like the old JD Edwards World software,, which adds security with in its database configuration. Are you asking "how to sign the AS400",, or how to sign on the DBS.
The AS400 user that has those rights is the built-in QSECOFR user. There could be other users that have the same rights but QSECOFR is built-in. If you don't know what the passwords are, the only thing I know to do is to contact IBM. They can send someone to reset the QSECOFR password. There may be other ways.
Some machines have never had their QSECOFR password changed which is really stupid. The default password for QSECOFR is QSECOFR.
Some machines have never had their QSECOFR password changed which is really stupid. The default password for QSECOFR is QSECOFR.
- Thread starter
- #6
BeatrixKiddo
ISP
Ok, got it, but how can I see the privilages or rolls of other accounts?
(I'm not the administrator, I'm doing a kind of small auditory on the systems)
(I'm not the administrator, I'm doing a kind of small auditory on the systems)
jmd0252
Programmer
- May 15, 2003
- 667
- 0
- 0
you have to be able to query the file, and print it,, which means you have to know IBM query or get the system administrator to do it for you.. Depending on the level of security established on the AS400,, it could go a deep as what file they are able to use. If the admin has established "roles",, for them they should be able to tell you that.
- Thread starter
- #8
i never used SECTOOLS but if you have access to that you should be able to run the DSPUSRPRF command.
The command, DSPUSRPRF, has the info regarding the authorities of a user. Type it on a command line.
SECTOOLS may be more useful to you, though. option 9, print profile internals looks interesting.
The command, DSPUSRPRF, has the info regarding the authorities of a user. Type it on a command line.
SECTOOLS may be more useful to you, though. option 9, print profile internals looks interesting.
- Thread starter
- #10
BeatrixKiddo
ISP
I need to know which other accounts could have the access rigths of QSECOFR or at lest *ALLOBJ and/or *SECADM.
Use the DSPUSRPRF command as follows:
That will create a file that can be queried. A field in the file lists the special authorities the profile can have. The field is UPSPAU. It is 150 bytes.
The field can have multiple values.
You can query like this:
Code:
DSPUSRPRF USRPRF(*ALL) TYPE(*BASIC) OUTPUT(*OUTFILE) OUTFILE(library/file)That will create a file that can be queried. A field in the file lists the special authorities the profile can have. The field is UPSPAU. It is 150 bytes.
The field can have multiple values.
You can query like this:
Code:
SELECT UPUPRF, UPSPAU FROM DSPUSRPRF
WHERE UPSPAU LIKE '%*ALLOBJ%'- Thread starter
- #12
- Status
Similar threads
- Locked
- Question
- Locked
- Question