http://itknowledgeexchange.techtarget.com/itanswers/as400-object-authority/ Fri, 24 May 2013 04:11:53 +0000 hourly 1 http://itknowledgeexchange.techtarget.com/itanswers/as400-object-authority/#comment-112094 TomLiotta Wed, 10 Oct 2012 11:37:14 +0000 http://itknowledgeexchange.techtarget.com/itanswers/as400-object-authority/#comment-112094 Your question involves a contradiction. By choosing to have *PUBLIC *CHANGE as a default for a library (for new objects), you’re saying that every user that exists now or will ever be created is automatically to be granted *CHANGE authority. Now you want a way to circumvent what you’ve told the system to do. (It wasn’t necessarily “you” who told it.)
Setting CRTAUT(*CHANGE) for a library should only be done for isolated libraries with unimportant objects. There is no way to circumvent the current setting.
You can, however, change the authority after the system sets it simply by running GRTOBJAUT *EXCLUDE (or *USE) for any user you choose. That could technically be programmed to happen more or less automatically by a process related to monitoring QAUDJRN for Create Object (CO) entries and running the command when the library matches, but that’s a pretty inefficient and trouble prone way to do it in the long term.
Far better would be to create an actual meaningful authority scheme.
First, for example, would be to change the library to CRTAUT(*EXCLUDE). I can’t come up for a good reason to have things the way you have them now if there are exclusions.
Then, create a user profile for use as a group profile and make your users members of that group. Set the users to have OWNER(*GRPPRF) so ownership/authority of new objects becomes part of the group.
And for the user you want to exclude, don’t make that user a member of the group.
From then on, every user except the one that isn’t a member of that group will have authority to new objects in that library.
Tom

]]>