15 pts.
 New to iSeries Admin and Obj Level Security
I have a file that I have created and added an authorization list to. In the autl, it has *public = *exclude and 3 users that have *all; however, i've tested with numerous id's and they can still get into this file through a query. These users do need query, but not access to this specific file. Thanks in advance for your help.

Software/Hardware used:
ASKED: February 11, 2008  9:55 PM
UPDATED: October 16, 2009  2:25 AM

Answer Wiki:
Hi, I would first suggest checking the user profiles to see if they have *ALLOBJ authority (this will override any authorities that you specify at object level). Hope this helps, Martin Gilbert. ========================================================== Also, check the *PUBLIC authority on the file. Is it set to AUT(*AUTL)? If not, then authority checking for the file might never be redirected to the *AUTL. And check file ownership. Is it owned by a group profile? Any member of the group may adopt group authority. Is any user on the *AUTL a group profile? Same story. Was authority granted to a group when the file was created? Check your profile to see if you have a group and what the group action is for created objects. And, apart from the *AUTL, are there any private authorities on the object itself? And, what programming is in control when queries are run? Is the call stack operating under adopted authority? Tom
Last Wiki Answer Submitted:  October 16, 2009  2:25 am  by  Gilly400   23,625 pts.
All Answer Wiki Contributors:  Gilly400   23,625 pts.
To see all answers submitted to the Answer Wiki: View Answer History.


Discuss This Question:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _