AS/400 library authorization

105 pts.
Tags:
*ALLOBJ
AS/400 Authorization List
AS/400 Library
How can a person without *ALLOBJ authority access list of libaray ?

Answer Wiki

Thanks. We'll let you know when a new response is added.

You don’t need *allobj to run SQL. Just give the user authority to the libraries you want them to use.

Discuss This Question: 10  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • TomLiotta
    ...access list of libaray ? Which list of libraries? Any user can access any object that they are authorized to access. The *ALLOBJ special authority isn't needed to access objects that you have authority to. The *ALLOBJ special authority is used to access objects that you don't have authority for. Authority to access a library might be available to you from multiple sources so that *ALLOBJ isn't needed. It might be obtained from *PUBLIC authority. It might come from private authority. It might come from group profile authority. Or it might come from adopted authority. Without know circumstances, there's no way for us to determine how authority was obtained for anything. Do you have a problem that you need to solve? Tom
    125,585 pointsBadges:
    report
  • wpoulin
    If you are looking for what libraries are currently in your library list, you can use the Display Library List, DSPLIBL, command. If you are looking for what libraries you are authorized to, you could use the Work with Objects, WRKOBJ OBJ(*ALL/*ALL) OBJTYPE(*LIB), command. As Tom says, without knowing more about exactly what you are looking for, it is hard to guess. Hope this helps, Bill Poulin
    2,480 pointsBadges:
    report
  • philpl1jb
    It's not clear if you are trying to track down a security leak or find a method to allow a user to see the llist. If it's the latter, here is a method. Create a cl program containing the command that you want them to use. The profile that compiles it needs authority to the libraries, perhaps *ALLOBJ, and compiles or changes the program to User profile . . . . . . . . . . . . . . . . . . : *OWNER Grant them authority to execute the program. Phil
    50,205 pointsBadges:
    report
  • chalenger
    You Have to grant this Aut. to that Library list explicty..
    490 pointsBadges:
    report
  • as400tarek
    Dear All, thanks for your care. My point that we have some users have authority to run SQL statement but we have to remove *ALLOBJ authority from them but in the same time give him limited access to run their SQL queries
    105 pointsBadges:
    report
  • TomLiotta
    ...we have to remove *ALLOBJ authority from them... It's not clear what that means. No normal users should have *ALLOBJ in the first place, so it shouldn't be there to be removed. It sounds like you are cleaning up security. The *ALLOBJ is being removed, and you want to know how to help users access their libraries now that they can't rely on special authority. Am I understanding correctly? If not, please add more description. Tom
    125,585 pointsBadges:
    report
  • as400tarek
    simply I need 1) remove *ALLOBJ authority from some users profile 2) create a group profile with authority on some libraries 3) add this group to the users profile to have access to those libraries.
    105 pointsBadges:
    report
  • TomLiotta
    I would change the sequence to be this way: 2) create a group profile with authority on some libraries 3) add this group to the users profile to have access to those libraries. 1) remove *ALLOBJ authority from some users profile But other than that, I would create one or more *AUTLs and put each library on one the *AUTLs. (All libraries might go on a single *AUTL if it works out that way.) I would then authorize each group profile to the same *AUTL that controls libraries related to that group profile. By doing it that way, you will have the authority held separate from the library object. You will be able to make changes to authorities by modifying the appropriate *AUTL instead of trying to modify authority directly on the library objects. Changing authority on objects requires an *EXCL lock which is often hard to obtain because the object might be in use. In any case, you listed the three steps that you want to take. But I don't see a problem in those steps. Is there a difficulty that you run into? Tom
    125,585 pointsBadges:
    report
  • as400tarek
    [...] 5. Check out ErroneousGiant’s recommendations and Orangehat’s approved answer on print server IP addresses. 6. There’s some great collaboration over a member’s question about AS/400 library authorization. [...]
    0 pointsBadges:
    report
  • as400tarek
    Thanks Tom, i have do below:- 1) create a group profile 2)add created grpup profile to the authority list on some libraries 3) add this group to the users profile to have access to those libraries. 4) remove *ALLOBJ authority from some users profile 4)
    105 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following