Archiving private authorities

Be aware that when you restore an object on the iSeries -- using the RSTOBJ/RSTLIB command -- it gets restored WITHOUT its private authorities.

Did you know that when you restore an object on the iSeries -- using the RSTOBJ/RSTLIB command -- it gets restored WITHOUT its private authorities? That's a big loss when you consider that many organizations have hundreds of objects with customized authorities for specific users (though it is recommended to keep private authorities on the iSeries to the minimum possible). This is not the case when you restore the entire system backup (as you use the RSTAUT command at the end).

Documenting private authorities is a tedious task. Instead, here's a tip for an easier way out.

On a daily basis, run a scheduled command:

DSPOBJD OBJ(*ALLUSR/*ALL) OBJTYPE(*ALL) OUTPUT(*OUTFILE) OUTFILE(MYLIB/OBJLIST)

This should be run during off-peak times.

This command will create a file (OBJLIST) containing objects and their library names.

Then, code the program (PGM_PVTAUT) and execute it on a periodic basis, depending on how frequently authority changes happen on your system. This program runs the DSPOBJAUT command for each object recorded in file OBJLIST and outputs the details to file OBJAUTS.

Subsequently, whenever an object is restored, you can run a query on file OBJAUTS and retrieve its private authorities (if any).
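
One way to write that query, as an added example that is not part of the original tip: it lists the authorities recorded in the archive for a restored library that are no longer present after the restore. It assumes SQL naming, a placeholder library PAYLIB, and a hypothetical second outfile MYLIB/OBJAUTNOW built by running the same DSPOBJAUT loop after the restore; OALIB and OAOBJA are the library and object-authority columns of the DSPOBJAUT outfile.

```sql
-- Added example. Assumptions: MYLIB.OBJAUTS is the archive built by
-- PGM_PVTAUT before the restore; MYLIB.OBJAUTNOW (hypothetical name) is a
-- fresh DSPOBJAUT outfile captured after the restore; 'PAYLIB' is a
-- placeholder for the restored library.

-- 1. Authorities that were archived but are missing (or different) now.
SELECT a.OANAME,            -- object name
       a.OATYPE,            -- object type, e.g. *FILE
       a.OAUSR,             -- user profile that held the authority
       a.OAOBJA,            -- authority level, e.g. *CHANGE or USER DEF
       a.OAANAM             -- authorization list, *NONE if not secured by one
  FROM MYLIB.OBJAUTS a
 WHERE a.OALIB = 'PAYLIB'
   AND NOT EXISTS (
         SELECT 1
           FROM MYLIB.OBJAUTNOW n
          WHERE n.OALIB  = a.OALIB
            AND n.OANAME = a.OANAME
            AND n.OATYPE = a.OATYPE
            AND n.OAUSR  = a.OAUSR
            AND n.OAOBJA = a.OAOBJA
       )
 ORDER BY a.OANAME, a.OATYPE, a.OAUSR;

-- 2. Archived *EXCLUDE entries for the same library. These rows carry no
--    'X' in the detailed authority columns (OAOPR, OAREAD, ...), so a
--    re-grant driven only by those columns skips them; review and
--    re-apply them explicitly.
SELECT a.OANAME, a.OATYPE, a.OAUSR
  FROM MYLIB.OBJAUTS a
 WHERE a.OALIB  = 'PAYLIB'
   AND a.OAOBJA = '*EXCLUDE'
 ORDER BY a.OANAME, a.OATYPE, a.OAUSR;
```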

In case you are restoring a full library and need to restore private authorities in bulk, call program PGM_GRTAUT.

The code for these programs is given below.

Believe me, this really comes in handy.


 
 /* Code for PGM_PVTAUT */

 /*********************************************************************/
 /* This program reads the file OBJLIST, which has been created using */
 /* command DSPOBJD. For each object entry, command DSPOBJAUT is      */
 /* executed and the output is directed to file OBJAUTS.              */
 /*********************************************************************/

             PGM

             DCLF       FILE(MYLIB/OBJLIST) /* Listing of all objects on system */

             CLRPFM     FILE(MYLIB/OBJAUTS) /* Clear outfile, if already populated */

 START:      RCVF
             MONMSG     MSGID(CPF0864) EXEC(GOTO CMDLBL(END)) /* End of file */

             DSPOBJAUT  OBJ(&ODLBNM/&ODOBNM) OBJTYPE(&ODOBTP) +
                          OUTPUT(*OUTFILE) OUTFILE(MYLIB/OBJAUTS) +
                          OUTMBR(*FIRST *ADD)
             MONMSG     MSGID(CPF2208) /* Object not found */

             GOTO       CMDLBL(START)

 END:        ENDPGM
***********************************************


 /** Code for Program PGM_GRTAUT ***********************************/
 /** This program is run to restore private authorities of objects */
 /** in a library.                                                 */
 /** Use this when you restore a library from backup media.        */
 /** Program reads the file OBJAUTS and grants authorities to objs.*/
 /** in the specified library.                                     */
 /** To call :  CALL  PGM_GRTAUT  PARM(lib-name)                  **/
 /******************************************************************/

             PGM        PARM(&LIBNM)
             DCL        VAR(&LIBNM) TYPE(*CHAR) LEN(10)
             DCLF       FILE(MYLIB/OBJAUTS)

 START:      RCVF
             MONMSG     MSGID(CPF0864) EXEC(GOTO CMDLBL(END)) /* End of file */

             /* OBJAUTS holds every library; skip entries recorded for */
             /* libraries other than the one being restored.           */
             IF         COND(&OALIB *NE &LIBNM) THEN(GOTO CMDLBL(START))

             /* Re-grant each detailed authority flagged 'X' in the archive */
             IF         COND(&OAOPR *EQ 'X') THEN(GRTOBJAUT +
                          OBJ(&LIBNM/&OANAME) OBJTYPE(&OATYPE) +
                          USER(&OAUSR) AUT(*OBJOPR))

             IF         COND(&OAOMGT *EQ 'X') THEN(GRTOBJAUT +
                          OBJ(&LIBNM/&OANAME) OBJTYPE(&OATYPE) +
                          USER(&OAUSR) AUT(*OBJMGT))

             IF         COND(&OAEXS *EQ 'X') THEN(GRTOBJAUT +
                          OBJ(&LIBNM/&OANAME) OBJTYPE(&OATYPE) +
                          USER(&OAUSR) AUT(*OBJEXIST))

             IF         COND(&OAREAD *EQ 'X') THEN(GRTOBJAUT +
                          OBJ(&LIBNM/&OANAME) OBJTYPE(&OATYPE) +
                          USER(&OAUSR) AUT(*READ))

             IF         COND(&OAADD *EQ 'X') THEN(GRTOBJAUT +
                          OBJ(&LIBNM/&OANAME) OBJTYPE(&OATYPE) +
                          USER(&OAUSR) AUT(*ADD))

             IF         COND(&OAUPD *EQ 'X') THEN(GRTOBJAUT +
                          OBJ(&LIBNM/&OANAME) OBJTYPE(&OATYPE) +
                          USER(&OAUSR) AUT(*UPD))

             IF         COND(&OADLT *EQ 'X') THEN(GRTOBJAUT +
                          OBJ(&LIBNM/&OANAME) OBJTYPE(&OATYPE) +
                          USER(&OAUSR) AUT(*DLT))

             IF         COND(&OAEXEC *EQ 'X') THEN(GRTOBJAUT +
                          OBJ(&LIBNM/&OANAME) OBJTYPE(&OATYPE) +
                          USER(&OAUSR) AUT(*EXECUTE))

             IF         COND(&OAALT *EQ 'X') THEN(GRTOBJAUT +
                          OBJ(&LIBNM/&OANAME) OBJTYPE(&OATYPE) +
                          USER(&OAUSR) AUT(*OBJALTER))

             IF         COND(&OAREF *EQ 'X') THEN(GRTOBJAUT +
                          OBJ(&LIBNM/&OANAME) OBJTYPE(&OATYPE) +
                          USER(&OAUSR) AUT(*OBJREF))

             /* Re-attach the authorization list only when one was recorded. */
             /* Note: this also sets *PUBLIC to *AUTL for such objects.      */
             IF         COND(&OAANAM *NE '*NONE') THEN(DO)
             GRTOBJAUT  OBJ(&LIBNM/&OANAME) OBJTYPE(&OATYPE) +
                          AUTL(&OAANAM)
             GRTOBJAUT  OBJ(&LIBNM/&OANAME) OBJTYPE(&OATYPE) +
                          USER(*PUBLIC) AUT(*AUTL)
             ENDDO

             GOTO       CMDLBL(START)

 END:        ENDPGM


This was first published in February 2004
