Working with authorization lists

We are creating a test environment that mirrors one of the production 400's. In the testing environment, a base copy of every object must be contained in a protected area of the system. This will then be used as a form of "baseline" to continuously create test subsets on the fly. Many of the objects on the production system are restricted through the use of auth lists. Once we migrate all necessary objects to the test machine what will be the impact on the use of these objects if the affiliated authorization lists are not present?

The simple answer to your question is that it MAY cause you problems. When the authorization list used to secure an object does not exist on the system when it is restored, the object will be restored, but the *PUBLIC authority will be changed to *EXCLUDE.

Since you state that these objects will restored in a "Protected area of the system", I assume you mean that *PUBLIC should have *EXCLUDE authority anyway. In which case you're fine. If my assumption is incorrect, and *PUBLIC needs authority to these objects, you'll have to set them each time you restore the objects. As an alternative to setting them each time, create duplicate authorization list names on the Test machine, and set the list authorizations as appropriate for that machine.

==================================
MORE INFORMATION ON THIS TOPIC
==================================

The Best Web Links: Tips, tutorials and more.

Search400.com's targeted search engine: Get relevant information on security.

Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.

Read this Search400.com Featured Topic: Secure your iSeries


This was first published in September 2002

Back to top