User class and special authorities for user profiles - Assure_DB2_Data_Monitor_(DB2MON) - Assure_Elevated_Authority_Manager_(EAM) - Assure_Encryption - Assure_Monitoring_and_Reporting_(AMR) - Assure_Secure_File_Transfer - Assure_Secure_File_Transfer_ - Assure_Secure_File_Transfer_PGP - Assure_Secure_File_Transfer_with_PGP - Assure_Security_Multi-Factor_Authentication_(MFA) - Assure_System_Access_Manager_(SAM) - Required_for_All_Modules - assure_ioptimize - assure_itera - assure_mimix - 10.0

License Manager for IBM i Products

Product type
Software
Portfolio
Integrate
Product family
Assure
Product
Assure Security > Assure Encryption
Assure Security > Assure DB2 Data Monitor (DB2MON)
Assure MIMIX™ Software
Assure Security > Assure Monitoring and Reporting (AMR)
Assure Security > Assure Elevated Authority Manager (EAM)
Assure Security > Assure Security Multi-Factor Authentication (MFA)
Assure Security > Assure Secure File Transfer with PGP
Assure Security > Assure Secure File Transfer
Assure Security > Required for All Modules
Assure iOptimize
Assure iTERA
Assure Security > Assure System Access Manager (SAM)
Version
10.0
Language
English
Product name
Assure
Title
License Manager for IBM i Products
Copyright
2023
First publish date
1999

The MIMIXOWN, MIMIXCLU and ITERAOWNER user profiles are created by default as a security officer class (*SECOFR) user profile with all special authorities, including all object authority (*ALLOBJ). The MIMIXOWN and ITERAOWNER user profiles need this level of authority to access information needed for products to perform their operations. The MIMIXOWN system directory entry is required for DLO replication and should not be removed.

Note: *ALLOBJ authority is a very useful authority but it must be used with care because it leaves your system vulnerable to misuse. Protecting your assets from unauthorized use describes considerations for changing this authority.
The following table identifies the special authorities for user profiles and the operations for which the MIMIXOWN, MIMIXCLU, and ITERAOWNER user profiles require a special authority.
Table 1. Product operations that require special authorities

Special Authority

Product operations that require special authority

*ALLOBJ

Required by replication processes to access, create, delete, and alter a variety of object types used in replication, including:
  • Database files (*FILE objects) to be replicated.

  • User profiles (*USRPRF objects). Replication of user profiles requires all the special authorities of the user profiles being replicated. Attempts to replicate user profiles will fail if replication processes do not have access to the same special authorities.

Also required for:

*AUDIT

Required so that replication processes can change the object auditing level on objects to ensure that they are properly replicated.

*IOSYSCFG

Required in all product environments where TCP/IP is the transfer protocol between systems.

Also required for:
  • Replication of communications-related object types, such as: line descriptions (*LIND), controller descriptions (*CTLD), device descriptions (*DEVD), or mode descriptions. (*MODD).
  • Access to cluster resource service APIs used by the MIMIXCLU user profile within MIMIX.

*JOBCTL and *SPLCTL

Required for manipulation of spooled files (*SPLF) used internally by Precisely products.

*SAVSYS

Required for save and restore operations that are performed during replication. Also required for synchronizing some types of configuration information within MIMIX.

*SECADM

Required for replicating user profiles (*USRPRF), documents (*DOC), or folders (*FLR).

*SERVICE

Required for replicating user profiles (*USRPRF).