securing a library on an iSeries400
We've created a library to which we want to restrict access to a limited number of users. How can we do this on an iSeries at V5R3? There are files within this library that are used by programs in other libraries. When we restrict access to this library will this impact these files and if so is there a work around?
Thanks for your help!
Software/Hardware used:
Software/Hardware used:
ASKED:
October 28, 2005 2:35 PM
UPDATED:
October 31, 2005 2:42 AM
Answer Wiki:
You simply have to decide who you do want to have access to the library and what level of access you want to give them (different actions require different levels of access). This can be decided at User or Group level. You then use CHGOBJPGP and/or EDTOBJAUT (with or without AUTL) to grant said authority.
Note: You cannot grant access rights to "programs in other libraries". You can only grant/deny access to the users who invoke these programs.
That said, you can use Authority Adoption to make certain programs run as UserX, no matter who invokes them (CHGPGM USRPRF = *OWNER and CHGOBJOWN = USERX).
Finally, you could always resort to *ALLOBJ (But don't - your auditors will kill you).
One last note.....You are now in the realms of general object level access, which is the basic building block of logical security on the iSeries. This should be looked at as one part of a bigger picture and not taken as an individual solution.
That is to say, if you don't control things like SPCAUTs and SYSVALs, etc, then this library level access can be made redundant very quickly.
To see all answers submitted to the Answer Wiki: View Answer History.
RSS - Discussions Help
Discuss This Question:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
