Archiving private authorities

Did you know that when you restore an object on the iSeries -- using the RSTOBJ/RSTLIB command -- it gets restored WITHOUT its private authorities? Well, that's a big loss when we consider the fact that many organizations do have hundreds of objects with customized authorities for specific users (though it is recommended to have the minimum possible private authorities on the iSeries). This is not the case when you restore the entire system backup (as you use the RSTAUT command at the end).

Documenting private authorities is a tedious task. Instead, here's a tip for an easier way out.

On a daily basis, run a scheduled command :


This should be run during off-peak times.

This command will create a file (OBJLIST) containing objects and their library names.

Then, code the program (PGM_PVTAUT) and execute it, either on a periodic basis depending on how frequently authority changes happen on your system. This program runs the DSPOBJAUT command for each object recorded in file OBJLIST and outputs the details to file OBJAUTS.

Subsequently, whenever an object is restored, you can run a query on file OBJAUTS and retrieve its private authorities (if any).

In case you are restoring a full library and need to restore private authorities in bulk, call program PGM_GRTAUT.

Codes for these pgms are given below.

Believe me, this really comes in handy.

 /* Code for PGM_PVTAUT */ 
  /** This program reads the file OBJLIST which has been created using
  /** command DSPOBJD. For each object-entry, command DSPOBJAUT is executed
  /** and the output is directed to file OBJAUTS */




         DCLF    FILE(MYLIB/OBJLIST) /*Listing of all objects on system*/


         CLRPFM  FILE(MYLIB/OBJAUTS) /*Clear outfile, if already populated





                          OUTPUT(*OUTFILE) OUTFILE(MYLIB/OBJAUTS) +

                          OUTMBR(*FIRST *add)

             MONMSG     MSGID(CPF2208) /* Object not found */


                   GOTO START



  /** Code for Program PGM_GRTAUT *****/                               
 /** This program is run to restore private authorities of objects */ 
 /** in a library.                                                 */ 
 /** Use this when you restore a library from backup media.        */ 
 /** Program reads the file OBJAUTS and grants authorities to objs.*/ 
 /** in the specified library.                                     */ 
 /** To call :  CALL  PGM_GRTAUT  PARM(lib-name)                  **/ 
PGM PARM(&LIBNM)                                                      
             DCL        VAR(&LIBNM) TYPE(*CHAR) LEN(10)               
             DCLF       FILE(MYLIB/OBJAUTS)                           
             MONMSG     MSGID(CPF0864) EXEC(GOTO CMDLBL(END))         
             IF         COND(&OAOPR *EQ 'X') THEN(GRTOBJAUT +         
                          OBJ(&LIBNM/&OANAME) OBJTYPE(&OATYPE) +      
                          USER(&OAUSR) AUT(*OBJOPR))                  
              IF         COND(&OAOMGT *EQ 'X') THEN(GRTOBJAUT +     
                           OBJ(&LIBNM/&OANAME) OBJTYPE(&OATYPE) +   
                           USER(&OAUSR) AUT(*OBJMGT))               
              IF         COND(&OAEXS *EQ 'X') THEN(GRTOBJAUT +      
                           OBJ(&LIBNM/&OANAME) OBJTYPE(&OATYPE) +   
                           USER(&OAUSR) AUT(*OBJEXIST))             
              IF         COND(&OAREAD *EQ 'X') THEN(GRTOBJAUT +     
                           OBJ(&LIBNM/&OANAME) OBJTYPE(&OATYPE) +   
                           USER(&OAUSR) AUT(*READ))                 
              IF         COND(&OAADD *EQ 'X') THEN(GRTOBJAUT +      
                           OBJ(&LIBNM/&OANAME) OBJTYPE(&OATYPE) +   
                           USER(&OAUSR) AUT(*ADD))                  
              IF         COND(&OAUPD *EQ 'X') THEN(GRTOBJAUT +      
                           OBJ(&LIBNM/&OANAME) OBJTYPE(&OATYPE) +   
                           USER(&OAUSR) AUT(*UPD))                  
              IF         COND(&OADLT *EQ 'X') THEN(GRTOBJAUT +      
                           OBJ(&LIBNM/&OANAME) OBJTYPE(&OATYPE) +   
                           USER(&OAUSR) AUT(*DLT))                    
              IF         COND(&OAEXEC *EQ 'X') THEN(GRTOBJAUT +       
                           OBJ(&LIBNM/&OANAME) OBJTYPE(&OATYPE) +     
                           USER(&OAUSR) AUT(*EXECUTE))                
              IF         COND(&OAALT *EQ 'X') THEN(GRTOBJAUT +        
                           OBJ(&LIBNM/&OANAME) OBJTYPE(&OATYPE) +     
                           USER(&OAUSR) AUT(*OBJALTER))               
              IF         COND(&OAREF *EQ 'X') THEN(GRTOBJAUT +        
                           OBJ(&LIBNM/&OANAME) OBJTYPE(&OATYPE) +     
                           USER(&OAUSR) AUT(*OBJREF))                 
                           USER(*PUBLIC) AUT(*AUTL)                   
              GOTO       CMDLBL(START)                                
 ****************** End of data ************************************** 


The Best Web Links: tips, tutorials and more.

Search400's targeted search engine: Get relevant information on security.

Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.

Check out this Search400.com Featured Topic: Top ten security tips

This was first published in February 2004

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.