On Thursday, May 15, 1997, 09:39 AM, Boris Mezhibovskiy wrote: We are currently running under V3R1. Some of our users have ALLOBJ authority. Is there any way to secure individual objects from users with ALLOBJ authority? We would appreciate any help! Use the EDTOBJAUT command, for individual objects. Once done, it makes no difference whether or not users have *ALLOBJ authority. David Abramowitz

fix the problem ; not the symptoms.. the problem is giving any user *ALLOBJ;why not give them the security officer password???? No One Ever Needed a Smaller, Slower PC

On Tuesday, May 20, 1997, 06:37 PM, Jim Langston wrote: I suggest that at least one other person than QSECOFR have *ALLOBJ authority, though. Happened to me. "Uhhh, what was the QSECOFR password again?". Luckily, my account had *ALLOBJ (secadm, same thing) and I was able to change the password of the security officer. When our AS/400 was young, I got a piece of advice about QSECOFR password: 'Make another user XSECOFR and put the password of that user to the safetybox'. Then everybody has an opportunity to work, if the only person who knows the password of QSECOFR dies. My opinion is that only those two users must have *ALLOBJ authority. I have a workstation with many sessions and I can start a new session for QSECOFR every time I need *ALLOBJ authority. To have *ALLOBJ authority is not that kind of status you should have. Matti Kujala <A > HREF="http://www.ahlstrom.com/"> Ahlstrom Kauttua ltd.</A> <A > HREF="http://www.vn.fi/vn/um/finfo/findeng.html"> Finland </A>