AS400 object authority

180 pts.
Tags:
AS/400
AS/400 objects
How can we restrict a particular user to the newly created objects in a particular library. By default the objects creating as *public with *CHANGE authority and this user having the access for newly created objects, so please let me know the steps or procedure to restrict this user for newly created in objects. By the way I have created the AUTL and assign to the library but it's not restricting the objects inside the library nor to the new objects. I have change the authority inside the library with the command GRTOBJAUT but for the newly created object i am searching a way to restrict a particular user. Your early help/advice will be Appreciated! Thanks Syed

Software/Hardware used:
V6R1

Answer Wiki

Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Discuss This Question: 1  Reply

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • TomLiotta
    Your question involves a contradiction. By choosing to have *PUBLIC *CHANGE as a default for a library (for new objects), you're saying that every user that exists now or will ever be created is automatically to be granted *CHANGE authority. Now you want a way to circumvent what you've told the system to do. (It wasn't necessarily "you" who told it.) Setting CRTAUT(*CHANGE) for a library should only be done for isolated libraries with unimportant objects. There is no way to circumvent the current setting. You can, however, change the authority after the system sets it simply by running GRTOBJAUT *EXCLUDE (or *USE) for any user you choose. That could technically be programmed to happen more or less automatically by a process related to monitoring QAUDJRN for Create Object (CO) entries and running the command when the library matches, but that's a pretty inefficient and trouble prone way to do it in the long term. Far better would be to create an actual meaningful authority scheme. First, for example, would be to change the library to CRTAUT(*EXCLUDE). I can't come up for a good reason to have things the way you have them now if there are exclusions. Then, create a user profile for use as a group profile and make your users members of that group. Set the users to have OWNER(*GRPPRF) so ownership/authority of new objects becomes part of the group. And for the user you want to exclude, don't make that user a member of the group. From then on, every user except the one that isn't a member of that group will have authority to new objects in that library. Tom
    125,585 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following