Allow a User without *ALLOBJ Special Authority to View a User's Active Job Log That Does Have *ALLOBJ Special Authority - A Technical Tip

submitted by Kevin McEvoy, Estee lauder.

A user without *ALLOBJ special authority can view a joblog for a user with *ALLOBJ special authority is possible starting with Version 5 of OS/400 (i5/OS). To allow a user without *ALLOBJ special authority to view a user's active job log that has *ALLOBJ special authority, do the following:

Use one of the following options.

Option 1: Starting with V5R3, activate the function with the following command:

CHGFCNUSG FCNID(QIBM_ACCESS_ALLOBJ_JOBLOG) USER(USRNAME) USAGE(*ALLOWED)

Note: SECADM is required to issue the command successfully.

1. The following PTFs are required to enable this function at these releases:
   • V5R1:    SI08171 on cumulative tape 3343510
   • V5R2:    SI08172 on cumulative tape 3364520
2. The users using this feature must have *JOBCTL special authority.

Option 2: From the iSeries Navigator, do the following:

1. Open iSeries Navigator.
2. Right-click on the system and choose Application Administration (for V5R2 choose Local settings).
3. This brings up the Application Administration window below.  (It may require an update to iSeries Navigator functions before this window comes up.)
4. Click on the Host Applications tab.
5. Expand the Operating System/400 Function.
6. Expand the new All Object folder.
7. Choose the Default access (all users).
8. If the ACCESS JOB LOG OF *ALLOBJ JOB function is highlighted, the Customize button on the lower right of this window can be used to customize this function for specific users.
9. Once the Default Access is checked for the ACCESS JOB LOG OF *ALLOBJ JOB or individual users added with the customize button, *ALLOBJ special authority is no longer required to view another user's active job log if they have *ALLOBJ special authority.
10. It looks like:

There are many other things that can bechanged with this same CHGFCNUSG command (or iSeries Navigator).  The list, at V5R3 from either the DSPFCHUSG or WRKFCNUSG command is:

Function ID                     Function Name
QIBM_DIRSRV_ADMIN               IBM Directory Server Administrator
QIBM_ACCESS_ALLOBJ_JOBLOG       Access job log of *ALLOBJ job
QIBM_ALLOBJ_TRACE_ANY_USER      Trace any user
QIBM_QCST_SERVICE_CLUSTADMIN    Cluster Administration
QIBM_QCST_SERVICE_CLUSTOPER     Cluster Operation
QIBM_QYAS_SERVICE_DISKMGMT      Disk units
QIBM_SERVICE_DUMP               Service dump
QIBM_SERVICE_JOB_WATCHER        JOB WATCHER
QIBM_SERVICE_THREAD             Thread control
QIBM_SERVICE_TRACE              Service trace
QIBM_QINAV_WEB_FUNCTIONS        Manage Server Through Web Interface
QIBM_QINAV_WEB_INTERFACE        Use of iSeries Navigator Web Interface
QIBM_QSY_SYSTEM_CERT_STORE      *SYSTEM certificate store
QIBM_QTMF_CLIENT_REQ_0          Initiate Session
QIBM_QTMF_CLIENT_REQ_3          Change Directory
QIBM_QTMF_CLIENT_REQ_6          Send Files
QIBM_QTMF_CLIENT_REQ_7          Receive Files
QIBM_QTMF_CLIENT_REQ_9          CL Commands
QIBM_QTMF_SERVER_REQ_0          Logon Server
QIBM_QTMF_SERVER_REQ_1          Create Directory/Library
QIBM_QTMF_SERVER_REQ_2          Delete Directory/Library
QIBM_QTMF_SERVER_REQ_3          Change Directory
QIBM_QTMF_SERVER_REQ_4          List Files
QIBM_QTMF_SERVER_REQ_5          Delete Files
QIBM_QTMF_SERVER_REQ_6          Send Files
QIBM_QTMF_SERVER_REQ_7          Receive Files
QIBM_QTMF_SERVER_REQ_8          Rename Files
QIBM_QTMF_SERVER_REQ_9          CL Commands
QIBM_QYCM_CIMOM_CREATE_CLASS    Create Class
QIBM_QYCM_CIMOM_DELETE_CLASS    Delete Class
QIBM_QYCM_CIMOM_ENUM_CLASS      Enumerate Classes
QIBM_QYCM_CIMOM_ENUM_CLASS_NAM  Enumerate Class Names
QIBM_QYCM_CIMOM_GET_CLASS       Get Class
QIBM_QYCM_CIMOM_MODIFY_CLASS    Modify Class
QIBM_QYCM_CIMOM_DELETE_QUAL     Delete Qualifier
QIBM_QYCM_CIMOM_ENUM_QUAL       Enumerate Qualifiers
QIBM_QYCM_CIMOM_GET_QUAL        Get Qualifier
QIBM_QYCM_CIMOM_SET_QUAL        Set Qualifier
QIBM_QYPS_MGTCTRL_SUPER_USER    Management Central Administration Access
QIBM_XD1_OPNAV_APPDEV           Application Development
QIBM_XD1_OPNAV_BACKUP           Backup
QIBM_XD1_OPNAV_MULTIMEDIA       Multimedia (Pre-V5R1M0 clients only)
QIBM_XD1_OPNAV_USRGRP           Users and Groups
QIBM_XE1_OPNAV_AFPMGR           AFP Manager
QIBM_XE1_OPNAV_APPADMIN         Application Administration
QIBM_XD1_OPNAV_JOBMGMT          Jobs
QIBM_XD1_OPNAV_MESSAGES         Messages
QIBM_XD1_OPNAV_PRINTERS         Printers
QIBM_XD1_OPNAV_PRINTOUT         Printer Output
QIBM_XD1_OPNAV_DBLIBS           Schemas
QIBM_XD1_OPNAV_DBODBC           ODBC Data Sources (Pre-V5R1M0 clients only)
QIBM_XE1_OPNAV_DBNAV            Database Navigator Maps
QIBM_XE1_OPNAV_DBSQLPM          SQL Performance Monitors
QIBM_XE1_OPNAV_DBXACT           Transactions
QIBM_XE1_OPNAV_FSNETSRV         File Shares
QIBM_XD1_OPNAV_INTERNET         Internet
QIBM_XD1_OPNAV_IPSECURITY       IP Policies
QIBM_XD1_OPNAV_NETSTAT          IBM Network Stations (Pre-V5R3M0 clients only)
QIBM_XD1_OPNAV_PROTOCOL         TCP/IP Configuration
QIBM_XD1_OPNAV_PTTOPT           Remote Access Services
QIBM_XD1_OPNAV_SERVERS          Servers
QIBM_XE1_OPNAV_EIM              Enterprise Identity Mapping
QIBM_XE1_OPNAV_WINADM           Windows Administration
QIBM_XD1_OPNAV_AUTHLIST         Authorization Lists
QIBM_XD1_OPNAV_SECPOLICY        Policies
QIBM_XE1_OPNAV_NETAS            Network Authentication Service
QIBM_XD1_OPNAV_HARDINV          Hardware
QIBM_XD1_OPNAV_SOFTINV          Software
QIBM_XE1_OPNAV_SYSVAL           System Values and Time Management
QIBM_XD1_OPNAV_FSQDLS           QDLS
QIBM_XD1_OPNAV_FSQFILESVR       QFileSvr.400
QIBM_XD1_OPNAV_FSQLANSRV        QLANSrv
QIBM_XD1_OPNAV_FSQNETWARE       QNetWare
QIBM_XD1_OPNAV_FSQNTC           QNTC
QIBM_XD1_OPNAV_FSQOPENSYS       QOpenSys
QIBM_XD1_OPNAV_FSQOPT           QOPT
QIBM_XD1_OPNAV_FSQSYSLIB        QSYS.LIB
QIBM_XD1_OPNAV_FSROOT           Root
QIBM_XE1_OPNAV_ACTJOB           Active Jobs
QIBM_XE1_OPNAV_JOBQUE           Job Queues
QIBM_XE1_OPNAV_MEMPOOL          Memory Pools
QIBM_XE1_OPNAV_OUTQUES          Output Queues
QIBM_XE1_OPNAV_SRVJOB           Server Jobs
QIBM_XE1_OPNAV_SUBSYS           Subsystems
QIBM_XE1_DOT_NET                .NET Data Provider
QIBM_XE1_ODBC                   ODBC Support
QIBM_XE1_OLEDB                  OLE DB Provider
QIBM_XE1_RMTCMD                 Remote Command - Command Line
QIBM_XE1_5250                   5250 Display and Printer Emulator
QIBM_XE1_DDWNLD_AO              ActiveX Automation Downloads
QIBM_XE1_DDWNLD_AUTO            Autostart Downloads
QIBM_XE1_DDWNLD_EXCEL           Excel Add-in Downloads
QIBM_XE1_DDWNLD_GUI             GUI Downloads
QIBM_XE1_DDWNLD_RTOPCB          Use of RTOPCB
QIBM_XE1_DUPLD_AO               ActiveX Automation Uploads
QIBM_XE1_DUPLD_APPREP           Appending or Replacing Host Files
QIBM_XE1_DUPLD_AUTO             Autostart Uploads
QIBM_XE1_DUPLD_EXCEL            Excel Add-in Uploads
QIBM_XE1_DUPLD_GUI              GUI Uploads
QIBM_XE1_DUPLD_RFROMPCB         Use of RFROMPCB
QIBM_XE1_DUPLD_CRTF_BASED       File Creation Based on Existing Server Files
QIBM_XE1_DUPLD_WIZ_CRTF         File Creation Based on PC File or Excel Spreadsheet