Q:
New to iSeries Admin and Obj Level Security
I have a file that I have created and added an authorization list to. In the autl, it has *public = *exclude and 3 users that have *all; however, i've tested with numerous id's and they can still get into this file through a query. These users do need query, but not access to this specific file. Thanks in advance for your help.
ASKED:
Feb 11 2008 9:55 PM GMT
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
A:
RATE THIS ANSWER
0
Click to Vote:
0
Click to Vote:
- 0
0
I would first suggest checking the user profiles to see if they have *ALLOBJ authority (this will override any authorities that you specify at object level).
Hope this helps,
Martin Gilbert.
==========================================================
Also, check the *PUBLIC authority on the file. Is it set to AUT(*AUTL)? If not, then authority checking for the file might never be redirected to the *AUTL.
And check file ownership. Is it owned by a group profile? Any member of the group may adopt group authority. Is any user on the *AUTL a group profile? Same story. Was authority granted to a group when the file was created? Check your profile to see if you have a group and what the group action is for created objects.
And, apart from the *AUTL, are there any private authorities on the object itself?
And, what programming is in control when queries are run? Is the call stack operating under adopted authority?
Tom
