Display all objects private authorities from a given library

Display object private authorities

During an object restore following attributes are kept:

* Owner value
* Primary Group profile value
* Authorization list value
* *PUBLIC authority value

As you might be aware of, private authorities get lost during a save/restore process even if the target system is the same as the source system.

The only way to avoid this -- it is a complicated process – but proceed as follows:

* Restore user profiles
* Restore objects
* Run command RSTAUT to reapply all the private authorities

This might be run during a system restore or migration but not when restoring a few objects or libraries to your system.

Therefore, it might be interesting to know, in a given library, which objects have such private authorities before restoring them, in order to reapply these private authorities manually.

I've written a short procedure to get a list about all private authorities on all objects in a given library.

Proceed with the following to get the list:

* STRPDM
* Select option
* Work with objects
* In the field library, enter the specific library you want to scan for private authorities on objects (here SAUVAJE1)
* The other three fields must be left to value *ALL

The following steps have to be done only once, the first time you use this process:

* Press function key F16=User options
* Press function key F6=Create, to create a user defined option DO (or any other option value) for the DSPOBJAUT command. (Due to the fact that the command DSPOBJAUT does not allow *ALL as object name, you have to use this manual trick). * Enter following command string as Command value : DSPOBJAUT OBJ(&L/&N) OBJTYPE(&T) OUTPUT(*OUTFILE) OUTFILE(QTEMP/JMS) OUTMBR(*FIRST *ADD) The Display Object Authority results will be written in the above file QTEMP/JMS. This can be changed to any other value.
* Press Enter
* Use F3=Exit to return to the Work with Objects using the PDM screen displaying your library content

The command DSPOBJAUT displays the following information in the output file:

* All private authorities
* Authorization list name
* Public authority
* Primary group

From the file content, we need the private authorities information only.

Therefore, we will use Query to extract the needed information (private authorities) from the file.

* Enter command WRKQRY
* Create a new query named LSTPRVAUT (Lists all private authorities on Objects.)
* Specify the input file name (here QTEMP/JMS). Be aware that files in QTEMP can not be queried in batch.

This selection avoids *PUBLIC authority and Owners authority to be listed and keeps private authorities only.

* Select an appropriate output type and output form
* Run the query and check the output

==================================
MORE INFORMATION ON THIS TOPIC
==================================

The Best Web Links: tips, tutorials and more.

Search400's targeted search engine: Get relevant information on security.

Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.

Check out this Search400.com Featured Topic: Top ten security tips

Visit the ITKnowledge Exchange and get answers to your security questions fast.

Rate this Tip To rate tips, you must be a member of Search400.com. Register now to start rating these tips. Log in if you are already a member. Submit a Tip Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT iSeries security tips Developing a security incident response system for System i Tracking remote access users on System i Setting up security for programmers on IBM i Controlling remote access on your IBM i Checking in on your IBM i authorization lists PCI data security standards and the System i Securing the integrated file system on IBM System i Contextual security on IBM i: Limit user profile access Time for a security checkup for your i Security monitoring on IBM i: Watching your super users iSeries system and application security Developing a security incident response system for System i Setting up security for programmers on IBM i Blocking AS/400 DB2 users Trouble accessing IFS path from Win2k3 server Checking in on your IBM i authorization lists Strategies for securing IBM i production files Changing password security levels and upgrading operating systems on the IBM i Determine the value of parameter UPPWEI in the DSPUSRPRF field Define journal code value "K" Modify content within a journal receiver file RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary midrange  (Search400.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.