Change *ALLOBJ Profile (AVCHGAO)

Select this option to view or change the *ALLOBJ profile that Powertech Antivirus uses to perform tasks that require special authorities. This includes the AVSVR and AVINSITE jobs and the execution of DAT updates. The default is QSECOFR. You can use an existing profile but you must ensure the profile has *ALLOBJ, *JOBCTL, and *SECADM authority and is not disabled. A password is not required or used.

*ALLOBJ User Profile

The user profile that Powertech Antivirus uses to perform tasks that require special authorities.

QSECOFR The QSECOFR user profile is used.

user-profile Specify the name of the user profile. The profile must have *ALLOBJ, *JOBCTL, and *SECADM special authorities and must not be disabled. A password is not required or used.

If you want to set up a user profile as the exclusive Powertech Antivirus *ALLOBJ profile, you can create a profile that meets all requirements using the following command:

CRTUSRPRF USRPRF(AVALLOBJ) PASSWORD(*NONE) STATUS(*ENABLED) USRCLS(*USER) LMTCPB(*NO) TEXT('Powertech Antivirus *ALLOBJ Profile') SPCAUT(*ALLOBJ *JOBCTL *SECADM) AUT(*EXCLUDE)

After changing the *ALLOBJ profile, the AVSVR and AVINSITE jobs will continue to run under the old *ALLOBJ profile until restarted by a DAT update, an IPL, or manually. To force the AVSVR job to run under the new profile immediately, restart the job by running the command AVENDSVR and then the command AVSTRSVR. If the AVINSITE job is active, to force it to run under the new profile immediately, restart the job by running the command AVINSITE *STOP and then the command AVINSITE *START.

NOTE: The *ALLOBJ profile is not used for reading in files during scanning. Files are read in the job in which the AVSCAN or AVRUNTSK commands are run. It is the current user of those jobs that determines whether the job is authorized to files, not the *ALLOBJ profile. (For scheduled scans, the current user of the job, while it is active, is determined by the profile specified on the corresponding AVRUNTSK job scheduler entry). To guarantee that all files in the directories that are configured for a scan are scanned, ensure that the scan runs under a user profile that has *ALLOBJ special authority, or has public or private authority to all of the configured directories and the files in those directories.

TIP: If you want to create a new user profile to use as the *ALLOBJ profile, we recommend the following parameters:

PASSWORD: *NONE
Special authority (no commas, only blanks, between values): *ALLOBJ *JOBCTL *SECADM
Initial menu: *SIGNOFF
TEXT parameter value: (in single quotes): Privileged user profile for use by Powertech Antivirus for IBM i

Copyright © Fortra, LLC and its group of companies.
All trademarks and registered trademarks are the property of their respective owners.
8.12 | 202502030833 | February 2025