Home > Ask the AS/400 Experts > iSeries Security Questions & Answers > Moving files to new libraries allows access to only groups or users that are authorized
Ask The iSeries 400 Expert: Questions & Answers
EMAIL THIS

Moving files to new libraries allows access to only groups or users that are authorized

Carol Woodbury EXPERT RESPONSE FROM: Carol Woodbury

Pose a Question
Other iSeries 400 Categories
Meet all iSeries 400 Experts
Become an Expert for this site


iSeries news and advice
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


>
QUESTION POSED ON: 09 June 2008
I have taken away all object authority from all my users. All has been going well until I try to run a query that is creating a file (*replace) and I get a message that the user is not authorized to the library, and thus is not able to replace the file. It was suggested that I put the file in a different library. If I create a different library, am I giving the ownership to this library to the person or group profile to whom will be replacing the file? Please let me know what the steps are to giving the user authority to replace a file using the query. This query is in a CL procedure. She has *Change access to the Library that the file is in and *all authority to run the query.

>
You have a couple of options. You could either have the CL procedure adopt the authority of a powerful profile and then only grant authority the CL procedure to the users you want to run the query. Or you could move the query to another library.

I prefer moving the file to another library. That way, it's easier to control who can see the results of running the queries. You can set the *PUBLIC authority of the library to *EXCLUDE and have the owner of the library be the group to which the user(s) belong. Then, I'd set the CRTAUT (Create authority) value for this library to *ALL. That will cause any file that gets created into the library to be set to *PUBLIC *ALL. Then, regardless of who is running the query, they will be able to delete and re-create the file. This method allows you to separate out who can use the results of the query. I like to create a query library for each role (or group) on the system – one for accounting, another on for HR, etc. That way, each role's information can only be viewed by other users in that role.


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google



RELATED CONTENT
iSeries Security
Changing password security levels and upgrading operating systems on the IBM i
Determine the value of parameter UPPWEI in the DSPUSRPRF field
Define journal code value "K"
Modify content within a journal receiver file
Change password parameters on the AS/400 without deactivating user's passwords
Prevent insiders with *READ or *USE access from circumventing object authority on IBM i
Prevent insiders from obtaining user ids and passwords on the IBM i
Change the IBM i system to allow only certain types of SSL protocol versions
Authorize a specific user to select files in a separate library
Allow a user to view a library prod without granting full access to all data

iSeries system and application security
Developing a security incident response system for System i
Setting up security for programmers on IBM i
Blocking AS/400 DB2 users
Trouble accessing IFS path from Win2k3 server
Checking in on your IBM i authorization lists
Strategies for securing IBM i production files
Changing password security levels and upgrading operating systems on the IBM i
Determine the value of parameter UPPWEI in the DSPUSRPRF field
Define journal code value "K"
Modify content within a journal receiver file

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
midrange  (Search400.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary



Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
Browse our Expert Advice



iSeries Networking - Printing, Remote Access, TCP/IP
HomeNewsTopicsITKnowledge ExchangeTipsBlogsAsk the ExpertsMultimediaWhite PapersProducts
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 1999 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts