1.  Home
  2. MIDRANGE-L
  3. May 2004

Authority Lookup Question...

We have secured our production data using authority lists. For example

Object . . . :   NARL    Owner  . . . . :   TURNOVER  
Library  . . :   P1FILES Primary group  :   *NONE     
Object type  :   *FILE   ASP device . . :   *SYSBAS   
 

Object secured by authorization list     CISPRDDTA 
 

                            Object     -----Object------   ------Data-------

 User         Group        Authority   O   M   E   A   R   R   A   U   D   E

 TURNOVER                  *ALL        X   X   X   X   X   X   X   X   X   X

 *PUBLIC                   *AUTL 

The authority list CISPRDDTA is defined with these entries:

              Object  
User         Authority
QSECOFR      *ALL     
XYZ          *CHANGE     
CISACCESS    *ALL     
*PUBLIC      *USE     
                        

Lets say I'm user XYZ and I want to open this file for update. My
understanding is that authority would be checked like this:


                        1. Object authority is checked (Primary group,
*PUBLIC, ownership)
                        2. *ALLOBJ is checked 
                        3. Private authority is checked
                        4. Authority list is checked ... Access granted

My question is ... Since I have specified *PUBLIC authority as *AUTL I
assume that in step #1 the authority for *PUBLIC specified in the CISPRDDTA
authority list will be checked... but will the system then return from the
CISPRDDTA authority list, check for *ALLOBJ and private authority before
going back to the list again in step #4 to check for XYZ's authority or will
it be smart enough to know user XYZ has *CHANGE authority and allow update
access immediately in step #1?


Kenneth

****************************************
Kenneth E. Graap
IBM Certified Specialist 
AS/400e Professional System Administrator
NW Natural (Gas Services)
keg@xxxxxxxxxxxxx
Phone: 503-226-4211 x5537
FAX:    603-849-0591
****************************************

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.