*SERVICE special authority
Service (*SERVICE) special authority allows the user to start system service tools using the STRSST command. This special authority allows the user to debug a program with only *USE authority to the program and perform the display and alter service functions. It also allows the user to perform trace functions.
The dump function can be performed without *SERVICE authority.
Risks: A user with *SERVICE special authority can display and change confidential information using service functions. The user must have *ALLOBJ special authority to change the information using service functions.
To minimize the risk for trace commands, users can be given authorization to perform service tracing without the *SERVICE special authority. In this way, only specific users have the ability to perform a trace command, which can grant them access to sensitive data. The user must be authorized to the command and have either *SERVICE special authority, or be authorized to the Service Trace function of i5/OS through Application Administration in System i® Navigator. The Change Function Usage (CHGFCNUSG) command, with the function ID of QIBM_SERVICE_TRACE, can also be used to change the list of users that are allowed to perform trace operations.
| STRCMNTRC | Start Communications Trace |
| ENDCMNTRC | End Communications Trace |
| PRTCMNTRC | Print Communications Trace |
| DLTCMNTRC | Delete Communications Trace |
| CHKCMNTRC | Check Communications Trace |
| TRCCNN | Trace Connection (see Granting access to traces) |
| TRCINT | Trace Internal |
| STRTRC | Start Job Trace |
| ENDTRC | End Job Trace |
| PRTTRC | Print Job Trace |
| DLTTRC | Delete Job Trace |
| TRCTCPAPP | Trace TCP/IP Application |
| WRKTRC | Work with Traces |