
Private authorities and user profiles

I'm having trouble with retaining security on a program after I transfer it to another iSeries in my shop. I have a program on development that is owned by Qpgmr and only one user group has *Use authority to it. I use the savobj command to save the program to a savf and then I do a sndnetf to our production system. On prod I do a cvnetf and rstobj on the pgm. When I check authorities after the restore, the program is still owned by Qpgmr; however, my user group authority is missing. The user group does exist on production, just in case that's a requirement. I can't figure out where I'm losing the authority. Just an F.Y.I., this transfer process is run from an in-house menu and all the commands I mentioned are done within the CL; however, I've double-checked everything and we're not removing any authorities at the receive side. Both AS/400s are at the same OS level and Cume level. I'm baffled. Any ideas on what I'm missing here?

The "feature" of OS/400 that you're missing is the fact that private authorities are not saved with an object when saving it. Here comes a bit of an OS/400 architecture lesson... the only authorities that are stored with the object are the *PUBLIC, owner's and primary group's authority. All private authorities that a user might have to an object are stored in the user's user profile object. The only time they are saved is when you are saving user profiles. So to get back the private authorities to an object, you have to restore the user profile and run the RSTAUT command. The RSTAUT command restores the private authorities, but you have to restore the profile first to build the object RSTAUT uses.
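
The sequence the answer describes, written out as CL (an added example, not part of the original answer or the asker's in-house menu). The library, save file, program, group profile and network user names (XFERLIB, PGMSAVF, SECSAVF, MYLIB, MYPGM, MYGROUP, OPER, PRODSYS) are placeholders.

```cl
/* --- On the development system -------------------------------- */
/* Save the program. *PUBLIC, owner and primary group authority   */
/* travel with the object; private authorities do not.            */
CRTSAVF    FILE(XFERLIB/PGMSAVF)
SAVOBJ     OBJ(MYPGM) LIB(MYLIB) DEV(*SAVF) OBJTYPE(*PGM) +
             SAVF(XFERLIB/PGMSAVF)

/* Save the user profiles. This is the save that captures the     */
/* private authorities, because they live in the profile objects. */
CRTSAVF    FILE(XFERLIB/SECSAVF)
SAVSECDTA  DEV(*SAVF) SAVF(XFERLIB/SECSAVF)

/* Ship both save files to production (placeholder user/system).  */
SNDNETF    FILE(XFERLIB/PGMSAVF) TOUSRID((OPER PRODSYS))
SNDNETF    FILE(XFERLIB/SECSAVF) TOUSRID((OPER PRODSYS))

/* --- On the production system --------------------------------- */
/* RCVNETF needs existing save files to receive into.             */
CRTSAVF    FILE(XFERLIB/PGMSAVF)
CRTSAVF    FILE(XFERLIB/SECSAVF)
RCVNETF    FROMFILE(PGMSAVF) TOFILE(XFERLIB/PGMSAVF)
RCVNETF    FROMFILE(SECSAVF) TOFILE(XFERLIB/SECSAVF)

/* 1. Restore the group profile first. This builds the authority  */
/*    information that RSTAUT reads.                              */
RSTUSRPRF  DEV(*SAVF) USRPRF(MYGROUP) SAVF(XFERLIB/SECSAVF)

/* 2. Restore the program so the object exists before authority   */
/*    is granted to it.                                           */
RSTOBJ     OBJ(MYPGM) SAVLIB(MYLIB) DEV(*SAVF) OBJTYPE(*PGM) +
             SAVF(XFERLIB/PGMSAVF)

/* 3. Re-grant the private authorities held by the group profile. */
RSTAUT     USRPRF(MYGROUP)
```

RSTAUT works per profile, not per object: it re-grants every private authority MYGROUP held on development for which a matching object exists on production, so check the result on objects other than MYPGM as well.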
