Q
Manage Learn to apply best practices and optimize your operations.

Why are users getting the "not authorized" message?

One user writes, "My users are getting "not authorized" messages when they run queries. They have run these queries for years. The PUBLIC authority on the queries and the library objects is *CHANGE. What can I look at to figure that out? I am being forced to set PUBLIC to *ALL, and I don't really want to do that. We're at V5R3." Security expert Carol Woodbury offers some advice.

My users are getting "not authorized" messages when they run queries. They have run these queries for years. The PUBLIC authority on the queries and the library objects is *CHANGE. What can I look at to figure that out? I am being forced to set PUBLIC to *ALL, and I don't really want to do that. We're at V5R3.
I'm guessing that the "not authorized" message is actually for the file being created as a result of the query, not the query itself. You can make sure of that by running the DSPAUDJRNE command, allowing it to default to show you the AF (authority failure) entries and looking for the specific object the users weren't authorized to. Here are some things to try to determine why the user's attempts are suddenly failing. Did their group recently change? In other words, how do you have your users configured? To be a member of a group profile and the group owns their newly created objects. If that's the case, did their group membership change recently so that some users are a member of the group and some aren't so the ones that aren't can't delete the files of the ones that are?

Another thing to look at is the Create authority attribute of the library the query files are being created into. (You can see this value by running the DSPLIBD command.) By default it will be *SYSVAL and that means that the *PUBLIC authority of the file will be set to the value specified in the QCRTAUT system value.

==================================
MORE INFORMATION ON THIS TOPIC
==================================

The Best Web Links: tips, tutorials and more.

Search400's targeted search engine: Get relevant information on security.

Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.

Check out this Search400.com Featured Topic: Top ten security tips

Visit the ITKnowledge Exchange and get answers to your security questions fast.

Dig Deeper on iSeries system and application security

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchDataCenter

Close