Manage

Moving files to new libraries allows access to only groups or users that are authorized

If you have a file in AS/400 that needs to be replaced in a library, but get an error message indicating that a user cannot access a library, the best option is to create a new library and give access only to the group that needs access.

Carol Woodbury, SkyView Partners

Published: 06 Aug 2008

I have taken away all object authority from all my users. All has been going well until I try to run a query that is creating a file (*replace) and I get a message that the user is not authorized to the library, and thus is not able to replace the file. It was suggested that I put the file in a different library. If I create a different library, am I giving the ownership to this library to the person or group profile to whom will be replacing the file? Please let me know what the steps are to giving the user authority to replace a file using the query. This query is in a CL procedure. She has *Change access to the Library that the file is in and *all authority to run the query.

You have a couple of options. You could either have the CL procedure adopt the authority of a powerful profile and then only grant authority the CL procedure to the users you want to run the query. Or you could move the query to another library.

I prefer moving the file to another library. That way, it's easier to control who can see the results of running the queries. You can set the *PUBLIC authority of the library to *EXCLUDE and have the owner of the library be the group to which the user(s) belong. Then, I'd set the CRTAUT (Create authority) value for this library to *ALL. That will cause any file that gets created into the library to be set to *PUBLIC *ALL. Then, regardless of who is running the query, they will be able to delete and re-create the file. This method allows you to separate out who can use the results of the query. I like to create a query library for each role (or group) on the system – one for accounting, another on for HR, etc. That way, each role's information can only be viewed by other users in that role.

Dig Deeper on iSeries system and application security

Buying your first backup tape library: What you need to know In this tip, find out what you need to know when buying your first tape library, including when to consider a library, the cost of libraries and which format best fits your needs.

Buying the best backup tape library: Tape libraries vs. tape autoloaders Learn about how to buy the best backup tape library and the key differences between tape libraries and tape autoloaders in this tip.

Troubleshooting automated tape libraries Between shared libraries, LAN free backups, HBAs, drivers and firmware, many things can cause an automated tape library to function unpredictably. Learn how to troubleshoot automated tape library problems.

Security considerations for your library lists -- Part 1 The library list on your i5-iSeries-AS/400 controls how OS/400 searches for objects when no specific library has been coded. Changes to the library list could easily be used to execute a rogue program or cause your processing to run against an incorrect set of data. Rich Loeber says controlling how your library lists are set up on your system can mean the difference between secure and insecure processing.

Display all objects private authorities from a given library Here's a way to list all private authorities from objects in a given library. This might help you during save and restore procedures where private authorities get lost.

Step-by-step power compiler This utility finds and adds all the needed libraries for your RPG IV program and compiles it.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our AS/400 experts

View all AS/400 questions and answers

Moving files to new libraries allows access to only groups or users that are authorized

If you have a file in AS/400 that needs to be replaced in a library, but get an error message indicating that a user cannot access a library, the best option is to create a new library and give access only to the group that needs access.

Dig Deeper on iSeries system and application security

Related Q&A from Carol Woodbury

Changing password security levels and upgrading operating systems on the IBM i

Provide authorization in order for a user to start a subsystem within startup routine

Define journal code value "K"

Have a question for an expert?

Start the conversation

0 comments

Please create a username to comment.

-ADS BY GOOGLE

SearchDataCenter

Refresh your data center cooling lexicon

Comparing Linux distributions: Red Hat vs. Ubuntu

Get eco-friendly with LEED data center certification

Dig Deeper on iSeries system and application security

Related Q&A from Carol Woodbury

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.