Resolution
Goal: How do I grant authority to a user only to the "Reactivate profile from archive" option?
Goal: How can I authorize a user only to the "Reactivate profile from archive" option without granting authority to all of PSSecure?
Fact: NetIQ Security Solutions for iSeries 8.0
Fact: PSSecure
Fact: Profile & Password Management (PPM)
Fact: User Profile Management (UPM)
Fact: ZPRP27
Fact: Work with Archived User Profiles
Fix: To authorize a user only to the "Reactivate profile from archive" option, refer to the steps below.
- From PSMENU, select options 2, 1, 6 (Select Other Application).
- Use option 1 (=Select) to select application PS.
- Select options 2, 1 (Work With Cmds & Programs).
- Find Function Code ZPRP27.
- Select Function Code ZPRP27 with option 3 (=Copy).
- Specify New Function Code ZPRP27U.
- Find new function code ZPRP27U.
- Use option 1 (=Select) to select ZPRP27U.
- Change the Command String to CALL ZPRP27, press Enter.
- Press F12 twice.
- Select options 3, 1 (Work With Users).
- Select user *DEFAULT with option 3 (=Copy) to use it as a base for creating in SMS the profile that will access ZPRP27U.
- Press Enter, then F3 to exit.
Run the following command and for "userprofile" specify the user that will access ZPRP27U :
GRTOBJAUT OBJ(PSSECURE/ZPRP27) OBJTYPE(*PGM) USER(userprofile) AUT(*USE)
The user can now access "Work with Archived User Profiles" with the following command:
STRMS PS ZPRP27U *PGM