…access list of library?
Which list of libraries?
Any user can access any object that they are authorized to access.
The *ALLOBJ special authority isn’t needed to access objects that you have authority to. The *ALLOBJ special authority is used to access objects that you don’t have authority for.
Authority to access a library might be available to you from multiple sources so that *ALLOBJ isn’t needed. It might be obtained from *PUBLIC authority. It might come from private authority. It might come from group profile authority. Or it might come from adopted authority.
Without knowing the circumstances, there’s no way for us to determine how authority was obtained for anything.
Do you have a problem that you need to solve?
Tom
If you are looking for what libraries are currently in your library list, you can use the Display Library List, DSPLIBL, command.
If you are looking for what libraries you are authorized to, you could use the Work with Objects, WRKOBJ OBJ(*ALL/*ALL) OBJTYPE(*LIB), command.
As Tom says, without knowing more about exactly what you are looking for, it is hard to guess.
Hope this helps,
Bill Poulin
It’s not clear if you are trying to track down a security leak or find a method to allow a user to see the list.
If it’s the latter, here is a method.
Create a CL program containing the command that you want them to use.
The profile that compiles it needs authority to the libraries, perhaps *ALLOBJ, and compiles or changes the program to
User profile . . . . . . . . . . . . . . . . . . : *OWNER
Grant them authority to execute the program.
Phil
You have to grant this authority to that library list explicitly.
Dear All, thanks for your care.
My point is that we have some users who have authority to run SQL statements, but we have to remove *ALLOBJ authority from them and at the same time give them limited access to run their SQL queries.
…we have to remove *ALLOBJ authority from them…
It’s not clear what that means. No normal users should have *ALLOBJ in the first place, so it shouldn’t be there to be removed.
It sounds like you are cleaning up security. The *ALLOBJ is being removed, and you want to know how to help users access their libraries now that they can’t rely on special authority.
Am I understanding correctly? If not, please add more description.
Tom
Simply, I need to:
1) remove *ALLOBJ authority from some user profiles
2) create a group profile with authority on some libraries
3) add this group to the user profiles to have access to those libraries.
I would change the sequence to be this way:
2) create a group profile with authority on some libraries
3) add this group to the user profiles to have access to those libraries.
1) remove *ALLOBJ authority from some user profiles
But other than that, I would create one or more *AUTLs and put each library on one of the *AUTLs. (All libraries might go on a single *AUTL if it works out that way.)
I would then authorize each group profile to the same *AUTL that controls libraries related to that group profile.
By doing it that way, you will have the authority held separate from the library object. You will be able to make changes to authorities by modifying the appropriate *AUTL instead of trying to modify authority directly on the library objects. Changing authority on objects requires an *EXCL lock which is often hard to obtain because the object might be in use.
In any case, you listed the three steps that you want to take. But I don’t see a problem in those steps.
Is there a difficulty that you run into?
Tom
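The sequence Tom describes, written out as CL commands. This is an added example, not part of the original thread; the names GRPSALES, SALESAUTL, SALESLIB, SALESDTA and USER1 are hypothetical.

```cl
/* Added example. All object and profile names are hypothetical.     */
PGM
  /* Group profile: PASSWORD(*NONE) so nobody can sign on as it.     */
  CRTUSRPRF  USRPRF(GRPSALES) PASSWORD(*NONE) +
               TEXT('Group: access to sales libraries')

  /* Authorization list; *PUBLIC is excluded unless listed.          */
  CRTAUTL    AUTL(SALESAUTL) AUT(*EXCLUDE) +
               TEXT('Secures the sales libraries')

  /* The group profile gets its authority on the list, not on the    */
  /* library objects themselves.                                     */
  ADDAUTLE   AUTL(SALESAUTL) USER(GRPSALES) AUT(*USE)

  /* Secure each library with the list and take public authority     */
  /* from the list as well.                                          */
  GRTOBJAUT  OBJ(QSYS/SALESLIB) OBJTYPE(*LIB) AUTL(SALESAUTL)
  GRTOBJAUT  OBJ(QSYS/SALESLIB) OBJTYPE(*LIB) USER(*PUBLIC) AUT(*AUTL)
  GRTOBJAUT  OBJ(QSYS/SALESDTA) OBJTYPE(*LIB) AUTL(SALESAUTL)
  GRTOBJAUT  OBJ(QSYS/SALESDTA) OBJTYPE(*LIB) USER(*PUBLIC) AUT(*AUTL)

  /* Put the user in the group. If the user already has a group      */
  /* profile, use SUPGRPPRF instead of GRPPRF.                       */
  CHGUSRPRF  USRPRF(USER1) GRPPRF(GRPSALES)

  /* Last step: take *ALLOBJ away. SPCAUT replaces the whole list,   */
  /* so name any special authorities the user must keep instead of   */
  /* *NONE.                                                          */
  CHGUSRPRF  USRPRF(USER1) SPCAUT(*NONE)

  /* Review the result.                                              */
  DSPAUTL    AUTL(SALESAUTL)
  DSPOBJAUT  OBJ(QSYS/SALESLIB) OBJTYPE(*LIB)
ENDPGM
```

Authority to a library does not by itself grant authority to the files inside it; those objects can be secured with the same authorization list in the same way.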
Thanks Tom,
I have done the below:
1) create a group profile
2) add the created group profile to the authority list on some libraries
3) add this group to the user profiles to have access to those libraries.
4) remove *ALLOBJ authority from some user profiles
4)