News Stay informed about the latest enterprise technology news and product updates.

iSeries authority -- How the system checks it

When a user attempts to perform an operation on an object, the system verifies that the user has adequate authority for the operation. The system first checks authority to the library or directory path that contains the object. If the authority to the library or directory path is adequate, the system checks authority to the object itself. In the case of database files, authority checking is done at the time the file is opened, not when each individual operation to the file is performed.

During the authority-checking process, when any authority is found (even if it is not adequate for the requested operation) authority checking stops and access is granted or denied. The adopted authority function is the exception to this rule.

Adopted authority can override any specific (and inadequate) authority found.

When a user attempts to perform an operation on an object, the system verifies that the user has adequate authority for the operation. The system first checks authority to the library or directory path that contains the object. If the authority to the library or directory path is adequate, the system checks authority to the object itself. In the case of database files, authority checking is done at the time the file is opened, not when each individual operation to the file is performed.

During the authority-checking process, when any authority is found (even if it is not adequate for the requested operation) authority checking stops and access is granted or denied. The adopted authority function is the exception to this rule.

Adopted authority can override any specific (and inadequate) authority found.

The system verifies a user's authority to an object in the following order:

1. Object's authority - fast path

2. User's *ALLOBJ special authority

3. User's specific authority to the object

4. User's authority on the authorization list securing the object

5. Groups' *ALLOBJ special authority

6. Groups' authority to the object

7. Groups' authority on the authorization list securing the object

8. Public authority specified for the object or for the authorization list securing the object

9. Program owner's authority, if adopted authority is used

Authority from one or more of the user's groups may be accumulated to find sufficient authority for the object being accessed.

Note: This information was submitted by Search400.com expert Ken Graap. It is an IBM software technical document.


About the author: Kenneth Graap is a senior AS/400e system administrator at Northwest Natural Gas in Portland, Ore. He has extensive experience in all aspects of iSeries systems management. That includes proactive performance tuning, system software upgrades and maintenance, hardware upgrade planning, backup/recovery procedures and security.

Dig Deeper on iSeries system and application security

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchDataCenter

  • How do I size a UPS unit?

    Your data center UPS sizing needs are dependent on a variety of factors. Develop configurations and determine the estimated UPS ...

  • How to enhance FTP server security

    If you still use FTP servers in your organization, use IP address whitelists, login restrictions and data encryption -- and just ...

  • 3 ways to approach cloud bursting

    With different cloud bursting techniques and tools from Amazon, Zerto, VMware and Oracle, admins can bolster cloud connections ...

Close