New to iSeries Admin and Obj Level Security
15 pts.
0
Q:
New to iSeries Admin and Obj Level Security
I have a file that I have created and added an authorization list to. In the autl, it has *public = *exclude and 3 users that have *all; however, i've tested with numerous id's and they can still get into this file through a query. These users do need query, but not access to this specific file. Thanks in advance for your help.
ASKED: Feb 11 2008  9:55 PM GMT
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
0
7315 pts.
0
A:
 RATE THIS ANSWER
0
Click to Vote:
  •   0
  •  0
  • AddThis Social Bookmark Button
Hi,

I would first suggest checking the user profiles to see if they have *ALLOBJ authority (this will override any authorities that you specify at object level).

Hope this helps,

Martin Gilbert.

==========================================================

Also, check the *PUBLIC authority on the file. Is it set to AUT(*AUTL)? If not, then authority checking for the file might never be redirected to the *AUTL.

And check file ownership. Is it owned by a group profile? Any member of the group may adopt group authority. Is any user on the *AUTL a group profile? Same story. Was authority granted to a group when the file was created? Check your profile to see if you have a group and what the group action is for created objects.

And, apart from the *AUTL, are there any private authorities on the object itself?

And, what programming is in control when queries are run? Is the call stack operating under adopted authority?

Tom
Last Answered: Oct 16 2009  2:25 AM GMT by TomLiotta   7315 pts.
Latest Contributors: Gilly400   23625 pts.
0
0
Discuss This Answer:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _



0