New to iSeries Admin and Obj Level Security

15 pts.
Tags:
AS/400 security
I have a file that I have created and added an authorization list to. In the autl, it has *public = *exclude and 3 users that have *all; however, i've tested with numerous id's and they can still get into this file through a query. These users do need query, but not access to this specific file. Thanks in advance for your help.
ASKED: February 11, 2008  9:55 PM
UPDATED: October 16, 2009  2:25 AM

Answer Wiki

Thanks. We'll let you know when a new response is added.

Hi,

I would first suggest checking the user profiles to see if they have *ALLOBJ authority (this will override any authorities that you specify at object level).

Hope this helps,

Martin Gilbert.

==========================================================

Also, check the *PUBLIC authority on the file. Is it set to AUT(*AUTL)? If not, then authority checking for the file might never be redirected to the *AUTL.

And check file ownership. Is it owned by a group profile? Any member of the group may adopt group authority. Is any user on the *AUTL a group profile? Same story. Was authority granted to a group when the file was created? Check your profile to see if you have a group and what the group action is for created objects.

And, apart from the *AUTL, are there any private authorities on the object itself?

And, what programming is in control when queries are run? Is the call stack operating under adopted authority?

Tom

Discuss This Question:  

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following