What IDs can delete objects

5 pts.
Tags:
AS/400 commands
How to check what & which IDs can delete objects, files and libs.

Software/Hardware used:
AS400

Answer Wiki

Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Discuss This Question: 2  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • azohawk
    any user with special authority *allobj.  User through either named authority, group profiles, authorization list may have access to delete the object if they have object exist authority at the individual object level.
    545 pointsBadges:
    report
  • azohawk

    To look at these, examine all user profiles to see what special authority they have, and what groups they belong to.

    Examine each object to determine what userids and group profiles have authority to "object exist" on the objects. Also identify to see what object authroization list might be associated with the a given object.

    DSPUSRPRF USRPRF(*ALL) output(outfile) outfile(yourlib/yourfilename) will dump a listing of all user ids, their special authority and group profiles to a file that you specify ((yourlib/yourfilename) that you can query as to who has *allobj authority and determine what groups an id belongs to (note: there are to group profiles to look at: Group profile (upgrpf) and supplimental groups (upsupg).

    Examine authorization lists from the authorization list menu (go cmdautl) (I can't think of a way to review users on an authorization list).

    Actual objects authority, I don't see a way to dump data to a file so I think maybe you might need to do WRKOBJ obj(libname/*all)  objtype(*all) (where the object is the specified object by name in this case library=libname and object name = *all will get all objects. Objtype you can use *file, *pgm, etc. to thin the list to more managable size.

    Look at the authorization setting (option 5) on each object.  Look for Object authority *all or *usrdef. If *usrdef, press F11 to see the user has object exist authority.

    There are probably some 3rd party tools that will do this much cleaner.

     

    545 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following