Manage Learn to apply best practices and optimize your operations.

Authority restrictions on the AUTL on backup/test systems and AUTL on live system

When restoring an object on the System i, the authority the object recieves from an Authority List will not change. Although two Authority Lists on different systems may have the same name, an object with a link to an Authority List will have different authorities depending on what system it is restored to.

We have two systems, live and backup/test. Most objects are secured by Authorization Lists.

If we change the AUTL on the backup/test system to restrict authority more than on the live system, will an object restored to the backup/test system know that the authority defined via the AUTL is different, or will the system just check that an AUTL with the correct name exists, and use the one it finds?

The Authority List authority is maintained separate from the object authority.

An object contains a reference to the Authority List and will be linked to the list as long as the list is in place before the object is restored while either *ALL or *AUTL is specified for the ALWOBJDIF parameter of the restore command.

Restoring an object will not change the authority it gets from an Authority List. So, if there are two seperate Authority Lists with the same name on two different systems and each list has a different authority assigned to it., an object with a link to that Authority List will have different authorities on whichever system it is restored to.

Authority Lists are saved by the SAVSYS command or the SAVSECDTA command and cannot be restored separately. They are restored using the RSTUSRPRF USRPRF(*ALL) command and their authority is restored like any other object's authority on the system, via the RSTAUT command.

Dig Deeper on Data backup, storage and retrieval on iSeries

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.