Authority to some objects in a library to which user already has access

145 pts.
Tags:
AS400 Access
AS400 admin
iSeries AS/400
Hello A user is already having access to a specific library but he complained about not having authority to some PFs and queries existing in the same library? 1Not sure how the access is not there in first place? 2) to grant access now do we need to add *ALL authority for each individual object? there are quite a lot of files ? is there any other way? pls advise..

Software/Hardware used:
AS400

Answer Wiki

Thanks. We'll let you know when a new response is added.

First you need to check the values you are using when creating objects; else you can clean this up and still have problems.

Is there a reason that a user needs authority ot everything in a library?

You need to determine what you want for you master security plan before you just start making changes.

Making changes for one user can have other impact. What about any remote user access?

Discuss This Question: 10  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • TomLiotta
    Not sure how the access is not there in first place?   Why do you think it should be there in the first place? Did you already grant authority to the user for those files and queries? Is the user a member of a group that already has authority? Are all of the files and queries on an authorization list that the user is authorized to?   to grant access now do we need to add *ALL authority for each individual object?   If you need to grant *ALL authority to the user for every individual file, then yes, you need to grant *ALL authority to the user for every individual file. If you need to grant less authority or the user doesn't need authority to every file, then no, you don't to grant *ALL for every file. We have no information about what authority you need to grant for which objects.   Authority can be granted generically with the CHGAUT command. That's a way to assign authorities for each file and/or each query while using a single command.   We can guess that your system has no useful authority scheme in place, otherwise this question wouldn't have come up. An appropriate authority scheme would go a long way towards automating authority assignments.   Who is responsible for maintaining authority on your system? Creating a security scheme can be difficult after a system has been in use for a while. But it will save time and confusion in the future, and your system will be more secure.   Tom
    125,585 pointsBadges:
    report
  • ToddN2000
    Like Tom mentioned you REALLY need some security/authority measures in place. Maybe they do not need authority to everything in the LIB. We have had some issues where if the file object was created under a different user profile you could not delete it for example because of the object owner. Mainly from users creating files as output from as/400 queries to import into Excel. Check all the objects in the library and see what is different on the ones they are having access problems with.. I think you will see a pattern.
    10,025 pointsBadges:
    report
  • 100282
    Sorry for the confusion. but the library is owned by the user. doesnt the ownership reflect to all the objects in the library? do we need to grant access to objects in his own library?    
    145 pointsBadges:
    report
  • ToddN2000
    No. I can add file to a library if I am authorized but someone else may not be able to delete what I added to the library. There are 2 levels of security going on here one is for the library and the second is the individual objects in the library.Check both sides and you will probably find the issue. Check the object authority for one that works and compare to one that does not.
    10,025 pointsBadges:
    report
  • TomLiotta
    doesnt the ownership reflect to all the objects in the library?   No.   The 'ownership' does not automatically allow the authority to access an object (even if ownership of a library did extend to objects contained in it). For example, if an owner is given *EXCLUDE authority to an object, then the owner can't access the object until authority to do so is reestablished.   It depends on what authority was granted when the object was created or later. Ownership <> authority.   (But note that an object owner always has the authority to change the authority on an object.)   Tom
    125,585 pointsBadges:
    report
  • 100282
    For eg: Library: ABA - Owner : Paul Object: XYZ - Owner : Paul *PUBLIC *EXCLUDE the user Paul is not having access by default? can this happen?
    145 pointsBadges:
    report
  • TomLiotta
    can this happen?   Not enough information. Nothing shown looks unusual, but I don't know what kind of object XYZ is nor how it was created. Knowing those will probably lead to other questions.   Tom
    125,585 pointsBadges:
    report
  • 100282
      The Library ABC is owned by the user Paul.  The objects in the library ABC have the authority *PUBLIC *EXCLUDE. However,when checked I found that all the objects in library ABC have owner as Paul. Do we still need to give specific authority to PAUL as PAUL *ALL for individual objects also for him to access? Hope I am clear this time?
    145 pointsBadges:
    report
  • TomLiotta
    If the only authority is *PUBLIC *EXCLUDE (and user Paul does not have *ALLOBJ), then authority must be granted to Paul in order to use the object. If Paul is the owner, then Paul can grant authority to himself whenever he wants. -- Tom
    125,585 pointsBadges:
    report
  • TomLiotta
    BTW, Paul would only need to be granted *ALL authority if he needed "all" authority. He might only need *CHANGE or *USE or some user-defined authority. I have no way to know what authority is needed. -- Tom
    125,585 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following