Manage Learn to apply best practices and optimize your operations.

OS/400 V4R5 and QSECURITY=30

I secured a folder through an authorization list con PUBLIC *EXCLUDE. Users cannot see that folder. I add a user container authorization *USE in the list, but this user can modify the document through Client Access and in iSeries 400 session can delete it. If I create a directory with *RX for data and *NONE for object, public cannot see the directory if it has no documents, but when it has a document the user can modify it. It seems that only works well with all authority or none. Is it the right way?

To access an object, such as a document, the user must have authority to at least two things - the document itself and its "container", in other words, the folder or directory in which it resides. If a document is in nested folders, the user needs authority to all of the folders in the path. When you exclude public from a folder, no one will be able to get to any of the documents in the folder. But when you give a user *USE or *RX to a folder, that user can access any document in the folder to which they have authority. If you don't want a user to access a particular document, you will also have to exclude that user from that document. You can limit the amount of access a user has to documents by modifying the public authority of the document. For example, *USE authority would allow the user to read the document and download it, but not update or modify it. *CHANGE authority would allow the user to modify, download and upload the document but not delete it.


The Best Web Links: tips, tutorials and more.

Search400's targeted search engine: Get relevant information on security.

Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.

Dig Deeper on iSeries system and application security

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.