Ask the Expert

OS/400 V4R5 and QSECURITY=30

I secured a folder through an authorization list con PUBLIC *EXCLUDE. Users cannot see that folder. I add a user container authorization *USE in the list, but this user can modify the document through Client Access and in iSeries 400 session can delete it. If I create a directory with *RX for data and *NONE for object, public cannot see the directory if it has no documents, but when it has a document the user can modify it. It seems that only works well with all authority or none. Is it the right way?

To access an object, such as a document, the user must have authority to at least two things - the document itself and its "container", in other words, the folder or directory in which it resides. If a document is in nested folders, the user needs authority to all of the folders in the path. When you exclude public from a folder, no one will be able to get to any of the documents in the folder. But when you give a user *USE or *RX to a folder, that user can access any document in the folder to which they have authority. If you don't want a user to access a particular document, you will also have to exclude that user from that document. You can limit the amount of access a user has to documents by modifying the public authority of the document. For example, *USE authority would allow the user to read the document and download it, but not update or modify it. *CHANGE authority would allow the user to modify, download and upload the document but not delete it.

==================================
MORE INFORMATION ON THIS TOPIC
==================================

The Best Web Links: tips, tutorials and more.

Search400's targeted search engine: Get relevant information on security.

Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.


This was first published in March 2002

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: