Profile ZENDADMIN

General discussion on Zend Server for IBM System i
Post Reply
mlladigue
Posts: 1
Joined: Thu Apr 12, 2012 8:37 pm

Profile ZENDADMIN

Post by mlladigue » Wed Jan 30, 2013 10:30 pm

Hi all,

Is there any issue if I change the userprofile ZENDADMIN to have the initial menu to *SIGNOFF ?

Thanks in advance for your answer.

Marie

timo_karvinen
Posts: 82
Joined: Wed Aug 12, 2009 7:58 am
Location: Tampere, Finland
Contact:

Re: Profile ZENDADMIN

Post by timo_karvinen » Thu Jan 31, 2013 9:42 am

Hi.

Don't hold me to this, but if I recall correctly we have successfully done so on some of our customers machines.
This shouldn't have any real effect for two reasons:
- The profile is not supposed to be used to login interactively.
- The default configuration has the profile without password, so as long as you have not defined password for it, it can't be used to login interactively anyway.

-Timo

zend_i5
Posts: 158
Joined: Mon Mar 23, 2009 5:22 pm

Re: Profile ZENDADMIN

Post by zend_i5 » Tue Feb 05, 2013 7:00 am

ZENDADMIN user profile only function is to own the ZENDSVR library. So there is no problem to remove sign-on option. You could also change ZENDADMIn user class to *SYSOPR and remove *SECADM special authority

adominguez24
Posts: 19
Joined: Tue Jun 29, 2010 8:14 pm

Re: Profile ZENDADMIN

Post by adominguez24 » Wed May 15, 2013 4:59 pm

Hello there,

For audit purposes our company would like to remove *ALLOBJ authority for this profile (ZENDADMIN). When we did, it seemed to have affected some of our apps that used the i5 Toolkit. I know we should be replacing the i5 Toolkit with the XML Toolkit but at the moment, we don't have the resources to do that. Is there a way to remove *ALLOBJ authority without having any ill affects?


Cheers.

adominguez24
Posts: 19
Joined: Tue Jun 29, 2010 8:14 pm

Re: Profile ZENDADMIN

Post by adominguez24 » Wed May 29, 2013 4:33 pm

Can anyone help me out with this?

User avatar
shlomov
Zend Global Support
Posts: 140
Joined: Mon Dec 29, 2008 2:38 pm

Re: Profile ZENDADMIN

Post by shlomov » Tue Mar 07, 2017 12:03 pm

ZENDADMIN, requires the - *ALLOBJ *JOBCTL *SPLCTL special authority.
ZENDADMIN, needs the authority to start the Zend Processes/Components.

ZENDADMIN does not need to be associated with user class *SECOFR and can use other user classes as long as "Special authority . . . . . . . SPCAUT"
is set with above special authority listed.

Remember password is not available(blank) and the user is used internally within the server.
Local password management . . . . . . . . : *NO

Our directories and product programs are accessed by QSECOFR/QTMHHTTP all others excluded.
*PUBLIC *EXCLUD
QTMHHTTP *RWX
QSECOFR *RWX
Shlomo Vanunu
IBM System i

Post Reply