I have been asked by an auditor to change the QCRTAUT value from *Change to *Use. If I change the libraries to *USE rather than the SYSVAL, will I accomplish the same thing without having to perform an in-depth study of Appendix D, or would I create more problems than I would by changing the SYSVAL and the affected commands?
I've found that to successfully change QCRTAUT from *CHANGE to *USE, you often have to change the Create Authority setting of some libraries. For the most part, you can leave IBM-supplied libraries alone because if they needed to, they've already specified a specific value for their create authority parameter. Now the analysis starts -- whether you change the system value or change the libraries. You almost have to take a look at each library on the system and determine whether objects are being created into the library and whether they should be changed or updated by the general public (the setting should be *CHANGE) or whether the objects should be read-only (the setting should be *USE.) Most libraries are ok with either their create authority or the QCRTAUT system value set to *USE, but if you have the situation where objects are routinely being created and updated, then *USE might not work. Bottom line is that analysis needs to occur no matter which method you choose. However, I have successfully changed QCRTAUT to *USE without totally breaking or reworking applications.
Dig Deeper on iSeries system and application security
Before changing password levels and upgrading operating systems on the AS/400, ensure the clients connecting to the NetServer do not need the old ...
Look in the audit journal (QAUDJRN) on the AS/400 for an authority failure message with the name of the library as the object name. Use the ...
On AS/400, the journal type AF subtype K, shows that a user profile lacks the special authority required by the function attempting to run.
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.