Q
Manage Learn to apply best practices and optimize your operations.

Prevent access for a user with *ALLOBJ special authority

Is there a way to prevent a user with *ALLOBJ special authority from accessing specific files/programs until I can get the *ALLOBJ authority away from them? Search400.com expert Richard Belles explains.

Is there a way to prevent a user with *ALLOBJ special authority from accessing specific files/programs until I...

can get the *ALLOBJ authority away from them?

A user with *ALLOBJ special authority has access to all objects on the system, no matter how the authority for the objects is set. You can, however, take a different approach to take away access to the files. First, create a group profile with *ALLOBJ special authority using the CRTUSRPRF command. Make the user a member of this group with the CHGUSRPRF command. Also, take away the user's *ALLOBJ special Authority. Use EDTOBJAUT for the individual files/programs and exclude the user from them.

Now, the user will not have access to the files/programs, but will have access to everything else on the system. OS/400 checks the individual user's authority to an object before it checks the group profile's special authority.

==================================
MORE INFORMATION ON THIS TOPIC
==================================

The Best Web Links: tips, tutorials and more.

Ask your OS/400 questions--or help out your peers by answering them--in our live OS/400 discussion forums.

Ask the Experts yourself: Our OS/400 gurus are waiting to answer your questions.


This was last published in August 2001

Dig Deeper on iSeries system and application security

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchDataCenter

Close