AS/400 Authorization List

1675 pts.
Tags:
AS/400 security
What is use of authorization list in as/400?

Answer Wiki

Thanks. We'll let you know when a new response is added.

You use Authorization Lists to group users together.
Then to control security you can grant/revoke authority to objects using the Authorization lists instead of individual User Profiles.

=======================================================

The purpose of an authorization list (*AUTL) is to provide a single object that can hold authorities for a list of users to a list of objects. Each user on the list may have different authorities specified. Authorities that are specified for a particular user are applied for that user against each object on the list.

A common usage is to combine *AUTLs with group profiles.

Assume library BUSINESS has files MASTER and NOTES. Officers of the company might have *ALL authority to everything. Managers might have *CHANGE authority. Sales people might have *USE authority only.

Three group profiles are OFFICER, MANAGER and SALES. Those three are added to the list with *ALL, *CHANGE and *USE associated with them. And MASTER and NOTES files would be assigned to the *AUTL with the EDTOBJAUT or GRTOBJAUT commands.

*PUBLIC should also be added to the *AUTL with *EXCLUDE authority. When that is done, the objects on the list should have *PUBLIC authority assigned as AUT( *AUTL ).

The BUSINESS *LIB object might also be assigned to the *AUTL like the objects in it.

With authorities assigned in that way, any new user can be authorized appropriately simply by making them members of the OFFICER, MANAGER or SALES group. Changing the group for a user will change authorities for everything on the *AUTL. Removing the group membership drops that user back to *PUBLIC authority. Changing the authority for any of the groups on the list change authorities for every member of that group for every object on the list in a single operation.

Authorities can be viewed and maintained for everything and everyone through the WRKAUTL command.

Note that this facility is intended for the basic authorization structure. It does not provide for specific details that could be needed for individual users against particular objects. Use *AUTLs for collecting similar authorities into a list. An object may be listed on only a single *AUTL. Users may be on any number of *AUTLs with different authorities.

Tom

Discuss This Question: 7  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • DiegoDH
    However, you also group users together via "groups". ;)
    275 pointsBadges:
    report
  • qmaster
    so, Authorization lists are more or like Group Profiles.????
    1,675 pointsBadges:
    report
  • 4819
    Hi, Let me clearify this with an example. Let's say the bookkeeping department of a company will work during off office hours, the persons who will work are named into an authorization list, which is known by the system. So everybody whose name is specified in that authorization list, can sign in without being rejected by the system. You get it now? Bye
    235 pointsBadges:
    report
  • Herbina
    Let me add on..... In group profiles, all the members of the group get the same authority for a particular object. In Authorization list, different users get different authorities for different objects.
    325 pointsBadges:
    report
  • pdraebel
    The main advantage of Authorisation Lists in securing Objects is that you do not need a lock on the objects when you want to change the access rights of a user to the objects in the list. First you will have to see how you divide your objects over the authorisation lists (sort of making security areas). Adding objects to authorisation lists will require an exclusive lock on the objects, but once this has been done you can easily change access rights without the need of having to obtain a lock on the objects.
    3,230 pointsBadges:
    report
  • qmaster
    Thanks to one and all!!!!!
    1,675 pointsBadges:
    report
  • RVP400
    Hi, You might find this article interesting: http://www.mcpressonline.com/tips-techniques/security/techtip-managing-authorization-lists-101-part-i.html Rgds, RVP
    270 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following