You are here:

Switch Options for System User screen

How to Get There

At a command line, enter LSWPPRF (the Powertech command for switching from one profile to another) and press Enter.

What it Does

Switch User Authority provides a method of conferring special authority to a job, authority it normally would not have. Once a profile switch has occurred, the job runs under the new profile's authority. Any open files and objects allocated by the original profile are accessible to the new profile.

No other attributes associated with the user or group profile are replaced. The qualified job name does not change to reflect the new user profile. However, any object created by the job while running under the new profile is owned by the new profile or its group profile.

If you use this API to begin running under a specific profile, any spooled files created are owned by that profile. This is done by putting the file under a QPRTJOB iob. Any spooled file command that references the spooled file with the job special value * will only access those files that were created before the profiles were swapped.

Field Descriptions

Reason for Switching

Up to 256 characters long, this is the "reason" that will be sent to Interested Parties in alerts and reports. This is a required parameter. Typical "reasons" may include:

"I need elevated authority to reset the DST password"

"Using higher authority account to modify value in payroll file at HR's request"

NOTE: The reason for switching cannot be left blank. The user can enter a weak reason or nonsense characters, so it is incumbent upon the customer to set, and enforce, a policy that requires meaningful information. Individuals who are registered as Interested Parties may be best suited to administer that policy.

Call Ticket

A Call Ticket is the reference number associated with the reason for switching profiles (if applicable). It can be used to enter ticket numbers from a help system such as Remedy.

The Call Ticket field is not currently validated.

Options

Type the option number you want and press Enter.

1 (Select to Switch)

Select Switch Profile. Switch to or release a profile. If this option is placed next to the very first entry it signals the current profile switch is to be released. Placed against any other entry it means a new profile switch is being requested.

Column Descriptions

Switch to Profile

The name of a user profile that the user starting the job can switch to.

Switch to Profile Description

The text description from the Switch to Profile user profile.

Number Minutes Switch is Active

The number of minutes a profile switch may stay active.

In the screen cap above, ROB is logged in and running under his normal profile, but he has been configured with options to switch to QSECOFR or QSYSOPR.

Number of Minutes Switch is Active always defaults to NOLIMIT for a regular switch pair. A FireCall Switch Pair must have a number of minutes specified in this field.
Timed switch command - The command to be run for any profile switch that is for a specific duration. Authority Broker executes this command for any profile switch with a limited duration.

Possible values are:

command

The command to be executed after the profile switch occurs. This value may be typed in by the user or supplied via either Authority Broker's Before Switch exit point or After Switch exit point. When typed in by the user a command must be enclosed within single quotes if the command contains case-sensitive values.

*DEFAULT

The default command configured by the Authority Broker administrator is executed for timed switches.

NOTE: A message similar to the one shown below will be displayed in the message queue for both the 'signed on' profile, and the 'swapped to' profile:

Job 025473/PLABOWN/TOF025468 completed normally on 03/19/07 at 12:50:05.

The message is an i5/OS message.

Copyright © HelpSystems, LLC.
All trademarks and registered trademarks are the property of their respective owners.
4.18 | 201802261131