Manage Learn to apply best practices and optimize your operations.

OS/400 V4R5 and QSECURITY=30

I secured a folder through an authorization list con PUBLIC *EXCLUDE. Users cannot see that folder. I add a user...

container authorization *USE in the list, but this user can modify the document through Client Access and in iSeries 400 session can delete it. If I create a directory with *RX for data and *NONE for object, public cannot see the directory if it has no documents, but when it has a document the user can modify it. It seems that only works well with all authority or none. Is it the right way?

To access an object, such as a document, the user must have authority to at least two things - the document itself and its "container", in other words, the folder or directory in which it resides. If a document is in nested folders, the user needs authority to all of the folders in the path. When you exclude public from a folder, no one will be able to get to any of the documents in the folder. But when you give a user *USE or *RX to a folder, that user can access any document in the folder to which they have authority. If you don't want a user to access a particular document, you will also have to exclude that user from that document. You can limit the amount of access a user has to documents by modifying the public authority of the document. For example, *USE authority would allow the user to read the document and download it, but not update or modify it. *CHANGE authority would allow the user to modify, download and upload the document but not delete it.


The Best Web Links: tips, tutorials and more.

Search400's targeted search engine: Get relevant information on security.

Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.

This was last published in March 2002

Dig Deeper on iSeries system and application security

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.