I secured a folder through an authorization list con PUBLIC *EXCLUDE. Users cannot see that folder. I add a user...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
container authorization *USE in the list, but this user can modify the document through Client Access and in iSeries 400 session can delete it. If I create a directory with *RX for data and *NONE for object, public cannot see the directory if it has no documents, but when it has a document the user can modify it. It seems that only works well with all authority or none. Is it the right way?
To access an object, such as a document, the user must have authority to at least two things - the document itself and its "container", in other words, the folder or directory in which it resides. If a document is in nested folders, the user needs authority to all of the folders in the path. When you exclude public from a folder, no one will be able to get to any of the documents in the folder. But when you give a user *USE or *RX to a folder, that user can access any document in the folder to which they have authority. If you don't want a user to access a particular document, you will also have to exclude that user from that document. You can limit the amount of access a user has to documents by modifying the public authority of the document. For example, *USE authority would allow the user to read the document and download it, but not update or modify it. *CHANGE authority would allow the user to modify, download and upload the document but not delete it.
MORE INFORMATION ON THIS TOPIC
The Best Web Links: tips, tutorials and more.
Search400's targeted search engine: Get relevant information on security.
Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.
Dig Deeper on iSeries system and application security
Related Q&A from Carol Woodbury
Before changing password levels and upgrading operating systems on the AS/400, ensure the clients connecting to the NetServer do not need the old ...continue reading
Look in the audit journal (QAUDJRN) on the AS/400 for an authority failure message with the name of the library as the object name. Use the ...continue reading
On AS/400, the journal type AF subtype K, shows that a user profile lacks the special authority required by the function attempting to run.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.