Site FAQ

Home > IT Answers > AS/400 > How to restrict required libraries and through error message when tried to access. in as/400

Santoshreddyb

15 pts.

How to restrict required libraries and through error message when tried to access. in as/400

AS/400 Administrator, AS/400 Security Data

Remove production libraries from system value QUSRLIBL. Having these libraries in the library list when a user signs on it effect gives them authority to the libraries. Ssecurity enhancements have to be implemented to users who do not have specific authority to these libraries and should experience errors when trying to sign on

Software/Hardware used:

ASKED: November 26, 2009 12:31 PM

UPDATED: November 30, 2009 9:37 PM

RELATED QUESTIONS

Answer Wiki:

Having libraries in a library list does nothing that "gives them authority". If a user doesn't have authority to a library in QUSRLIBL and QUSRLIBL is assigned as that user's library list, then the user will not be able to signon. An authority failure will stop the logon. The user must already have authority to the library in order to signon when the library is part of the user's library list. However, if the user has authority to the library, then the authority will be available whether the library is in the library list or not. The only difference is that the library can't be accessed through the library list. It can still be accessed by name. Regardless, "production" libraries should not be listed in QUSRLIBL. There is no reason to make libraries automatically available when the libraries contain objects that don't need to be advertised. Further, the libraries should have PUBLIC *EXCLUDE which should make them unusable in QUSRLIBL. But, what as Philpl1jb asked, what is the question? Tom

However, if the user has authority to the library, then the authority will be available whether the library is in the library list or not. The only difference is that the library can't be accessed through the library list. It can still be accessed by name.

Regardless, "production" libraries should not be listed in QUSRLIBL. There is no reason to make libraries automatically available when the libraries contain objects that don't need to be advertised.

Further, the libraries should have PUBLIC *EXCLUDE which should make them unusable in QUSRLIBL.

But, what as Philpl1jb asked, what is the question?

Tom

Last Wiki Answer Submitted: November 27, 2009 5:09 am by TomLiotta

107,735 pts.

All Answer Wiki Contributors: TomLiotta

107,735 pts.

To see all answers submitted to the Answer Wiki: View Answer History.

RSS - Discussions Help

Discuss This Question:

_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

POSTED: Nov 26, 2009 6:43 PM (GMT)

Is there a question here?

philpl1jb

44,070 pts.

POSTED: Nov 28, 2009 2:22 AM (GMT)

I think the key point here is that security on the AS/400 includes OBJECT authority restrictions. You can restrict a user or group of users from libraries or from specific files or restrict how they can use these or anyother objects.
Phil

philpl1jb

44,070 pts.

POSTED: Nov 30, 2009 9:37 PM (GMT)

Are you asking how to restrict users form certain libraries? If so, this can be done through a variety of means. Object authority, group profiles and authorization list are just a few that come to mind.

Teandy

5,830 pts.

Ask a Question

Browse IT Answers by Topic

>>VIEW ALL TAGS

Community Blog | About Us | Contact Us | FAQ | Terms of Use | DMCA Policy

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organization's IT projects - with its network of technology-specific Web sites, events and magazines.
All Rights Reserved, Copyright 1999-2013, TechTarget | Read our Privacy Policy
Questions and Answers Index 1 | Questions and Answers Index 2 | IT Topics Index 1 | IT Topics Index 2 | Blogs Index | Blogs Tags