Did you know that when you restore an object on the iSeries -- using the RSTOBJ/RSTLIB command -- it gets restored WITHOUT its private authorities?
Well, that's a big loss when we consider the fact that many organizations do
have hundreds of objects with customized authorities for specific users
(though it is recommended to have the minimum possible private authorities
on the iSeries).
This is not the case when you restore the entire system backup (as you use
the RSTAUT command at the end).
Documenting private authorities is a tedious task. Instead, here's a tip for
an easier way out.
On a daily basis, run a scheduled command :
DSPOBJD OBJ(*ALLUSR/*ALL) OBJTYPE(*ALL) OUTPUT(*OUTFILE)
OUTFILE(MYLIB/OBJLIST)
This should be run during off-peak times.
This command will create a file (OBJLIST) containing objects and their
library names.
Then, code the program (PGM_PVTAUT) and execute it, either on a periodic basis depending on how frequently authority changes happen on your system.
This program runs the DSPOBJAUT command for each object recorded in file
OBJLIST and outputs the details to file OBJAUTS.
Subsequently, whenever an object is restored, you can run a query on file
OBJAUTS and retrieve its private authorities (if any).
In case you are restoring a full library and need to restore private
authorities in bulk, call program PGM_GRTAUT.
Codes for these pgms are given below.
Believe me, this really comes in handy.
Code
/* Code for PGM_PVTAUT */
/***************************************************************************
/
/** This program reads the file OBJLIST which has been created using
*/
/** command DSPOBJD. For each object-entry, command DSPOBJAUT is executed
*/
/** and the output is directed to file OBJAUTS */
/***************************************************************************
/
PGM
DCLF FILE(MYLIB/OBJLIST) /*Listing of all objects on system*/
CLRPFM FILE(MYLIB/OBJAUTS) /*Clear outfile, if already populated
*/
START: RCVF
MONMSG MSGID(CPF0864) EXEC(GOTO CMDLBL(END))
DSPOBJAUT OBJ(&ODLBNM/&ODOBNM) OBJTYPE(&ODOBTP) +
OUTPUT(*OUTFILE) OUTFILE(MYLIB/OBJAUTS) +
OUTMBR(*FIRST *add)
MONMSG MSGID(CPF2208) /* Object not found */
GOTO START
END: ENDPGM
***********************************************
/** Code for Program PGM_GRTAUT *****/
/** This program is run to restore private authorities of objects */
/** in a library. */
/** Use this when you restore a library from backup media. */
/** Program reads the file OBJAUTS and grants authorities to objs.*/
/** in the specified library. */
/** To call : CALL PGM_GRTAUT PARM(lib-name) **/
/******************************************************************/
PGM PARM(&LIBNM)
DCL VAR(&LIBNM) TYPE(*CHAR) LEN(10)
DCLF FILE(MYLIB/OBJAUTS)
START:RCVF
MONMSG MSGID(CPF0864) EXEC(GOTO CMDLBL(END))
/***************************/
IF COND(&OAOPR *EQ 'X') THEN(GRTOBJAUT +
OBJ(&LIBNM/&OANAME) OBJTYPE(&OATYPE) +
USER(&OAUSR) AUT(*OBJOPR))
IF COND(&OAOMGT *EQ 'X') THEN(GRTOBJAUT +
OBJ(&LIBNM/&OANAME) OBJTYPE(&OATYPE) +
USER(&OAUSR) AUT(*OBJMGT))
IF COND(&OAEXS *EQ 'X') THEN(GRTOBJAUT +
OBJ(&LIBNM/&OANAME) OBJTYPE(&OATYPE) +
USER(&OAUSR) AUT(*OBJEXIST))
IF COND(&OAREAD *EQ 'X') THEN(GRTOBJAUT +
OBJ(&LIBNM/&OANAME) OBJTYPE(&OATYPE) +
USER(&OAUSR) AUT(*READ))
IF COND(&OAADD *EQ 'X') THEN(GRTOBJAUT +
OBJ(&LIBNM/&OANAME) OBJTYPE(&OATYPE) +
USER(&OAUSR) AUT(*ADD))
IF COND(&OAUPD *EQ 'X') THEN(GRTOBJAUT +
OBJ(&LIBNM/&OANAME) OBJTYPE(&OATYPE) +
USER(&OAUSR) AUT(*UPD))
IF COND(&OADLT *EQ 'X') THEN(GRTOBJAUT +
OBJ(&LIBNM/&OANAME) OBJTYPE(&OATYPE) +
USER(&OAUSR) AUT(*DLT))
IF COND(&OAEXEC *EQ 'X') THEN(GRTOBJAUT +
OBJ(&LIBNM/&OANAME) OBJTYPE(&OATYPE) +
USER(&OAUSR) AUT(*EXECUTE))
IF COND(&OAALT *EQ 'X') THEN(GRTOBJAUT +
OBJ(&LIBNM/&OANAME) OBJTYPE(&OATYPE) +
USER(&OAUSR) AUT(*OBJALTER))
IF COND(&OAREF *EQ 'X') THEN(GRTOBJAUT +
OBJ(&LIBNM/&OANAME) OBJTYPE(&OATYPE) +
USER(&OAUSR) AUT(*OBJREF))
GRTOBJAUT OBJ(&LIBNM/&OANAME) OBJTYPE(&OATYPE) +
AUTL(&OAANAM)
GRTOBJAUT OBJ(&LIBNM/&OANAME) OBJTYPE(&OATYPE) +
USER(*PUBLIC) AUT(*AUTL)
GOTO CMDLBL(START)
END:
ENDPGM
****************** End of data **************************************
==================================
MORE INFORMATION ON THIS TOPIC
==================================
The Best Web Links: tips, tutorials and more.
Search400's targeted search engine: Get relevant information on security.
Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.
Check out this Search400.com Featured Topic: Top ten security tips
