Grant User Authority (GRTUSRAUT)

The Grant User Authority (GRTUSRAUT) command grants authority to a user by referring to another user profile.

Note: Whenever possible, use group support or authorization lists instead of the Grant User Authority (GRTUSRAUT) command. They give better performance when granting authority and in the subsequent SAVSYS or SAVSECDTA function.

If a security officer issues this command, the authorities in the user profile are granted to the receiving user, including object management authority.

If this command is run by the owner of the user profile, all authorities for each object owned are granted, including object management authority.

For objects that the user profile being referred to does not own but is authorized to use, the user of this command must have object management authority and the authorities to be granted for the object, or must own the object. Otherwise, no authority is granted for the object.

Ownership of objects or authorities held by a user profile cannot be changed by this command. Database row and column access control masks and permissions cannot be changed by this command. Authorities to objects granted to a user profile are added to any authorities that the user profile already had.

Restrictions:

Parameters

Keyword   Description       Choices   Notes
USER      User              Name      Required, Positional 1
REFUSER   Referenced user   Name      Required, Positional 2

User (USER)

Specifies the user profile to whom authority is to be granted.

This is a required parameter.

name
Specify the name of the user profile.

Referenced user (REFUSER)

Specifies the user profile to be referred to for authority.

This is a required parameter.

name
Specify the name of the user profile.

Examples

Example 1: Running GRTUSRAUT under QSECOFR User Profile

GRTUSRAUT   USER(USRB)  REFUSER(USRA)

This command grants the user profile USRB the same authorities that USRA has for all objects that USRA owns (including object management authority) or has authority to.

Example 2: Running GRTUSRAUT under User Profile USRA

GRTUSRAUT   USER(USRB)  REFUSER(USRC)

This command grants the user profile USRB the same authorities that USRC has for all objects that USRC has authority to, but only if USRA, the user entering this command, has object management authority to the objects or is the owner of the objects being referred to.
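
The following is an added example, not IBM's code: a simplified Python model of the per-object rules stated on this page, applied to Example 2 with constructed objects, useful for reasoning about what a GRTUSRAUT call copies before it is run. The names grtusraut(), Obj and sample_objects(), the objects ORDERS, INVOICES, STOCK and PAYROLL, and the owner USRD are assumptions; the case where the owner of the referenced profile runs the command is represented only through object ownership.

```python
from dataclasses import dataclass, field

OBJMGT = "*OBJMGT"

@dataclass
class Obj:
    name: str
    owner: str
    auth: dict = field(default_factory=dict)  # profile name -> set of authorities

def grtusraut(objects, issuer, user, refuser, security_officer=False):
    """Model GRTUSRAUT USER(user) REFUSER(refuser) as run by `issuer`.

    Returns (granted, not_granted) lists of object names, the two groups
    that CPF2252 counts. Grants are applied to each Obj.auth in place.
    """
    granted, not_granted = [], []
    for obj in objects:
        to_grant = obj.auth.get(refuser, set())
        if not to_grant:
            continue  # the referenced user holds nothing on this object
        held = obj.auth.get(issuer, set())
        allowed = (
            security_officer
            or obj.owner == issuer                    # issuer owns the object
            or (OBJMGT in held and to_grant <= held)  # *OBJMGT plus every authority granted
        )
        if not allowed:
            not_granted.append(obj.name)  # all-or-nothing per object
            continue
        # Additive: authorities `user` already had are kept; the owner never changes.
        obj.auth[user] = obj.auth.get(user, set()) | to_grant
        granted.append(obj.name)
    return granted, not_granted

def sample_objects():
    """Constructed objects for Example 2 (USRA grants USRB what USRC has)."""
    read = {"*OBJOPR", "*READ"}
    return [
        Obj("ORDERS", "USRA", {"USRC": set(read)}),
        Obj("INVOICES", "USRD", {"USRC": read | {"*UPD"}, "USRA": read | {OBJMGT}}),
        Obj("STOCK", "USRD", {"USRC": set(read), "USRA": read | {OBJMGT}, "USRB": {"*ADD"}}),
        Obj("PAYROLL", "USRC", {"USRC": read | {OBJMGT, "*OBJEXIST"}}),
    ]

if __name__ == "__main__":
    objs = sample_objects()
    print(grtusraut(objs, issuer="USRA", user="USRB", refuser="USRC"))
```

In this model INVOICES is skipped because USRA lacks *UPD, one of the authorities to be granted, and PAYROLL is skipped because USRA holds no authority on it; run with security_officer=True, all four objects are granted, including *OBJMGT on PAYROLL.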

Error messages

*ESCAPE Messages

CPF2204
User profile &1 not found.
CPF2211
Not able to allocate object &1 in &3 type *&2.
CPF2213
Not able to allocate user profile &1.
CPF2217
Not authorized to user profile &1.
CPF2222
Storage limit is greater than specified for user profile &1.
CPF2223
Not authorized to give authority to object &1 in &3 type *&2.
CPF2252
Authority given to &2 objects. Authority not given to &3 objects.