This document discusses limiting powerful user profiles on IBM i systems. It defines what makes a profile powerful, such as special authorities, user class, and limit capabilities. Specific special authorities are outlined that provide elevated access, such as *ALLOBJ. The challenges of managing elevated authority, such as frequent requests for more access, are discussed. Third-party solutions are presented as an option to automate elevated authority management and provide separation of duties, auditing, and risk reduction. Syncsort is presented as a vendor that can help with solutions for data privacy, access control, compliance monitoring, security risk assessments, and more.