The Restore Licensed Programs (RSTLICPGM) command is used to install
IBM-supplied programs on your system. It can also be used to install non-IBM
programs created using the SystemView* System Manager/400* licensed program.
When your system is shipped, only users with *ALLOBJ special authority
can use the RSTLICPGM command. The RSTLICPGM procedure calls an exit program
to install programs that are not supplied by IBM®.
To protect security on your system, the exit program should not run using
a profile with *ALLOBJ special authority. Use a program that adopts *ALLOBJ
special authority to run the RSTLICPGM command, instead of having a user with
*ALLOBJ authority run the command directly.
Following is an example of this technique. The program to be installed
using the RSTLICPGM command is called CPAPP (Contracts and Pricing).
- Create a user profile with sufficient authority to successfully install
the application. Do not give this profile *ALLOBJ special authority. For the
example, the user profile is called OWNCP.
- Write a program to install the application. For the example, the program
is called CPINST: PGM RSTLICPGM CPAPP ENDPGM
- Create the CPINST program to adopt the authority of a user with *ALLOBJ
special authority, such as QSECOFR, and authorize OWNCP to the program:
CRTCLPGM QGPL/CPINST USRPRF(*OWNER) +
AUT(*EXCLUDE) GRTOBJAUT OBJ(CPINST) OBJTYP(*PGM) +
USER(OWNCP) AUT(*USE)
- Sign on as OWNCP and call the CPINST program. When the CPINST program
runs the RSTLICPGM command, you are running under QSECOFR authority. When
the exit program runs to install the CPAPP programs, it drops adopted authority.
The programs called by the exit program run under the authority of OWNCP.
For procedural steps, refer to.Restore
authorization lists.