To access an object, such as a document, the user must have authority to at least two things - the document itself and its "container", in other words, the folder or directory in which it resides. If a document is in nested folders, the user needs authority to all of the folders in the path. When you exclude public from a folder, no one will be able to get to any of the documents in the folder. But when you give a user *USE or *RX to a folder, that user can access any document in the folder to which they have authority. If you don't want a user to access a particular document, you will also have to exclude that user from that document. You can limit the amount of access a user has to documents by modifying the public authority of the document. For example, *USE authority would allow the user to read the document and download it, but not update or modify it. *CHANGE authority would allow the user to modify, download and upload the document but not delete it.
================================== MORE INFORMATION ON THIS TOPIC ==================================
The Best Web Links: tips, tutorials and more.
Search400's targeted search engine: Get relevant information on security.
Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.
This was first published in March 2002