ibmi-brunch-learn

Announcement

Collapse
No announcement yet.

Object Authority

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    Object Authority

    Hi,

    I want to know that how create authority on Objects.
    I want to make QRPGLESRC of my liberery in lock state so that only i can have the access to it from my signon and other users cannot access it.

    I have tried CHGAUT but it asks for path ? Which i do not know how to provide.

    Plz help


    Thanks
    SAM
    Tags: None
  • #2
    hi

    CHGDLOAUT (Change Document Library Object Authority) Command
    Description
    CHGDLOAUT Command syntax diagram


    Example for CHGDLOAUT
    CHGDLOAUT DLO(MYDOC) FLR(MYFLR)
    USRAUT((*PUBLIC *AUTL)) AUTL(MYAUTL)

    its on Vol3commands.pdf of ibm cl commands

    hope it helped
    "It's like a koala pooped a rainbow on my head and I can taste the colors."

    Comment

    • #3
      Explanation !

      I should make it mor clear for u.

      I have created a library TSTLIB and created SRCPF QRPGLESRC and QCLSRC. It has objects and source. These are created with my user profile. Now any body can work on this library. What i want is that any body can see this library but cant work on it. So there is some mechanism called Object Locking and by that mechanism we can lock the object (in my case it has to be QRPGLESRC) so that everybody can see it but only i can work on it with my user profile.

      It has nothing to do with the Folder concept.

      Hope that my position is clear !!
      SAM

      Comment

      • #4
        Hi SAM

        You can create an authorization list or use the command
        EDTOBJAUT

        Set *PUBLIC AUTHORITY to *EXCLUDE

        If you have QSECOFR authority then you can use COMMAND
        CHGOBJOWN an object owned by QSECOFR usally is secured from others viewing it


        Code:
        Authorization lists are often an unused and misunderstood security-management 
tool. A feature thatâ??s been available since the first OS/400 release, 
authorization lists (a.k.a. authority lists) help security officers 
manage authority to objects (libraries, files, folders, directories, etc.) 
that all must be authorized in the same way. In other words, users require 
the same authority to many objects.

Hereâ??s how an authorization list could help you secure an accounts receivable 
application. First, create the authorization list using the Create Authorization 
List (CRTAUTL) command:

CRTAUTL AUTL(AR_AUTL)

(Note: OS/400 always creates authorization lists in QSYS.)


Then determine the objects to be secured with the authorization list. 
In this example, thatâ??s all of the files associated with the accounts 
receivable application.

To associate the authorization list with the files, do one of the following 
for all of the files:

1) Run the Grant Object Authority (GRTOBJAUT) command:

GRTOBJAUT OBJ(AR_LIB/AR_FILE01) OBJTYPE(*FILE) AUTL(AR_AUTL)

2) Run the Edit Object Authority (EDTOBJAUT) command specifying the 
authorization list name in the Object Secured by Authorization List field.

3) To associate an object in the IFS (including objects in QSYS.LIB) 
with an authorization list, use the Change Authority (CHGAUT) command:

CHGAUT OBJ(/QSYS.LIB/AR_LIB.LIB/AR_FILE01.FILE) AUTL(AR_AUTL)

Next, grant the authority to the appropriate users in the authorization list. 
This can be done in one of two ways:

1) Run the Add Authorization List Entry (ADDAUTLE) command:

ADDAUTLE AUTL(AR_AUTL) USER(KELSEY) AUT(*USE)

2) Use the Edit Authorization List (EDTAUTL) command, specifying the name 
of the authorization list. When the display comes up, press F6 to add new 
users and their authority.

For example, Kelsey uses *USE authority to access AR_FILE01 because OS/400 
recognizes that the AR_FILE01 is secured with the AR_AUTL and that Kelsey has 
*USE authority to AR_AUTL. Kelsey will have *USE authority to any additional 
files or objects secured with AR_AUTL.

In addition to the ability to authorize users or groups to the authorization 
list, the AUTL defines the *PUBLIC authority for the objects it secures. 
To do this, you must get the objectsâ?? *PUBLIC authority "pointing" to the 
authorization list. After associating the authorization list with the object, 
run the GRTOBJAUT command:

GRTOBJAUT OBJ(AR_LIB/AR_FIL01) OBJTYPE(*FILE) USER(*PUBLIC) AUT(*AUTL)

Then set the *PUBLIC authority of the AR_AUTL using the GRTOBJAUT or the EDTAUTL command:

GRTOBJAUT OBJ(AR_AUTL) OBJTYPE(*AUTL) USER(*PUBLIC) AUT(*EXCLUDE)
        All my answers were extracted from the "Big Dummy's Guide to the As400"
        and I take no responsibility for any of them.

        www.code400.com

        Comment

        • #5
          Thaks

          Thanks for quick reply.

          I got what i want.
          SAM

          Comment

          Previous template Next
          Working...
          X