Register

Forgot Password

Site FAQ

Home > IT Answers > AS/400 > I5 private Authorities

Johnwhitew

20 pts.

I5 private Authorities

AS/400 User Groups, i5, OS/400 and iSeries, Private Authorities

Ok after speaking with some of the IBM support people. I was told that we need to create user groups to minimize the Private Authorities issue we have. 1. How are groups created? 2. How will this help(how are authorities distributed among the users of said group)?

Software/Hardware used:

ASKED: November 4, 2008 9:02 PM

UPDATED: November 5, 2008 9:05 PM

RELATED QUESTIONS

Answer Wiki:

Not entirely sure what "private authority" issue you have since you did not elaborate on that but I'll give you the quick version of groups and authorities. User "groups".. Start with creating a user profile for the group. Give it a meaniful name and set the password to *NONE. CRTUSRPRF USRPRF(GROUP1) PASSWORD(*NONE) TEXT('This is a group') To assign users to that "group" you make some changes on the profiles for those users. CHRUSRPRF USRPRF(JSMITH) GRPPRF(GROUP1) OWNER(*GRPPRF) You can also assign users to groups through iSeries Navigator.. Pretty pictures and all that makes it a bit easier. Authority - first assumption is that your user accounts do not have *ALLOBJ authority - because the idea is that you restrict authority by by making objects PUBLIC *EXCLUDE and then assigning authority to the group accounts either directly or through authorization lists. Use the WRKOBJ command to see what authority has been set up for who on an object. That will also tell you if an authorization list has been set up over that object. The edit authority option lets you change whatever authority has been set up on the object. Regards Mike

Not entirely sure what "private authority" issue you have since you did not elaborate on that but I'll give you the quick version of groups and authorities.

User "groups".. 
Start with creating a user profile for the group. Give it a meaniful name and set the password to *NONE.
CRTUSRPRF USRPRF(GROUP1) PASSWORD(*NONE) TEXT('This is a group')

To assign users to that "group" you make some changes on the profiles for those users.
CHRUSRPRF USRPRF(JSMITH) GRPPRF(GROUP1) OWNER(*GRPPRF)

You can also assign users to groups through iSeries Navigator..  Pretty pictures and all that makes it a bit easier.

Authority - first assumption is that your user accounts do not have *ALLOBJ authority - because the idea is that you restrict authority by by making objects PUBLIC *EXCLUDE and then assigning authority to the group accounts either directly or through authorization lists.

Use the WRKOBJ command to see what authority has been set up for who on an object. That will also tell you if an authorization list has been set up over that object. The edit authority option lets you change whatever authority has been set up on the object.

Regards
Mike

Last Wiki Answer Submitted: November 5, 2008 9:05 pm by mcl

2,725 pts.

All Answer Wiki Contributors: mcl

2,725 pts.

To see all answers submitted to the Answer Wiki: View Answer History.

RSS - Discussions Help

Discuss This Question:

_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

Ask a Question

Browse IT Answers by Topic

>>VIEW ALL TAGS

Community Blog | About Us | Contact Us | FAQ | Terms of Use | DMCA Policy

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organization's IT projects - with its network of technology-specific Web sites, events and magazines.
All Rights Reserved, Copyright 1999-2013, TechTarget | Read our Privacy Policy
Questions and Answers Index 1 | Questions and Answers Index 2 | IT Topics Index 1 | IT Topics Index 2 | Blogs Index | Blogs Tags