User class and special authorities for user profiles - Assure_DB2_Data_Monitor_(DB2MON) - Assure_Elevated_Authority_Manager_(EAM) - Assure_Encryption - Assure_Monitoring_and_Reporting_(AMR) - Assure_Secure_File_Transfer - Assure_Secure_File_Transfer_ - Assure_Secure_File_Transfer_PGP - Assure_Secure_File_Transfer_with_PGP - Assure_Security_Multi-Factor_Authentication_(MFA) - Assure_System_Access_Manager_(SAM) - Required_for_All_Modules - assure_ioptimize - assure_itera - assure_mimix - 10.0

License Manager for IBM i Products

Product type
Product family
Assure Security > Assure Encryption
Assure Security > Assure DB2 Data Monitor (DB2MON)
Assure MIMIX™ Software
Assure Security > Assure Monitoring and Reporting (AMR)
Assure Security > Assure Elevated Authority Manager (EAM)
Assure Security > Assure Security Multi-Factor Authentication (MFA)
Assure Security > Assure Secure File Transfer with PGP
Assure Security > Assure Secure File Transfer
Assure Security > Required for All Modules
Assure iOptimize
Assure iTERA
Assure Security > Assure System Access Manager (SAM)
Product name
License Manager for IBM i Products
First publish date

The MIMIXOWN, MIMIXCLU and ITERAOWNER user profiles are created by default as a security officer class (*SECOFR) user profile with all special authorities, including all object authority (*ALLOBJ). The MIMIXOWN and ITERAOWNER user profiles need this level of authority to access information needed for products to perform their operations. The MIMIXOWN system directory entry is required for DLO replication and should not be removed.

Note: *ALLOBJ authority is a very useful authority but it must be used with care because it leaves your system vulnerable to misuse. Protecting your assets from unauthorized use describes considerations for changing this authority.
The following table identifies the special authorities for user profiles and the operations for which the MIMIXOWN, MIMIXCLU, and ITERAOWNER user profiles require a special authority.
Table 1. Product operations that require special authorities

Special Authority

Product operations that require special authority


Required by replication processes to access, create, delete, and alter a variety of object types used in replication, including:
  • Database files (*FILE objects) to be replicated.

  • User profiles (*USRPRF objects). Replication of user profiles requires all the special authorities of the user profiles being replicated. Attempts to replicate user profiles will fail if replication processes do not have access to the same special authorities.

Also required for:


Required so that replication processes can change the object auditing level on objects to ensure that they are properly replicated.


Required in all product environments where TCP/IP is the transfer protocol between systems.

Also required for:
  • Replication of communications-related object types, such as: line descriptions (*LIND), controller descriptions (*CTLD), device descriptions (*DEVD), or mode descriptions. (*MODD).
  • Access to cluster resource service APIs used by the MIMIXCLU user profile within MIMIX.


Required for manipulation of spooled files (*SPLF) used internally by Precisely products.


Required for save and restore operations that are performed during replication. Also required for synchronizing some types of configuration information within MIMIX.


Required for replicating user profiles (*USRPRF), documents (*DOC), or folders (*FLR).


Required for replicating user profiles (*USRPRF).