Manage Learn to apply best practices and optimize your operations.

Display all objects private authorities from a given library

Here's a way to list all private authorities from objects in a given library. This might help you during save and restore procedures where private authorities get lost.

Here's a way to list all private authorities from objects in a given library. This might help you during save and...

restore procedures where private authorities get lost.

Display object private authorities

During an object restore following attributes are kept:

* Owner value
* Primary Group profile value
* Authorization list value
* *PUBLIC authority value

As you might be aware of, private authorities get lost during a save/restore process even if the target system is the same as the source system.

The only way to avoid this -- it is a complicated process – but proceed as follows:

* Restore user profiles
* Restore objects
* Run command RSTAUT to reapply all the private authorities

This might be run during a system restore or migration but not when restoring a few objects or libraries to your system.

Therefore, it might be interesting to know, in a given library, which objects have such private authorities before restoring them, in order to reapply these private authorities manually.

I've written a short procedure to get a list about all private authorities on all objects in a given library.

Proceed with the following to get the list:

* Select option
* Work with objects
* In the field library, enter the specific library you want to scan for private authorities on objects (here SAUVAJE1)
* The other three fields must be left to value *ALL

The following steps have to be done only once, the first time you use this process:

* Press function key F16=User options
* Press function key F6=Create, to create a user defined option DO (or any other option value) for the DSPOBJAUT command. (Due to the fact that the command DSPOBJAUT does not allow *ALL as object name, you have to use this manual trick). * Enter following command string as Command value : DSPOBJAUT OBJ(&L/&N) OBJTYPE(&T) OUTPUT(*OUTFILE) OUTFILE(QTEMP/JMS) OUTMBR(*FIRST *ADD) The Display Object Authority results will be written in the above file QTEMP/JMS. This can be changed to any other value.
* Press Enter
* Use F3=Exit to return to the Work with Objects using the PDM screen displaying your library content

The command DSPOBJAUT displays the following information in the output file:

* All private authorities
* Authorization list name
* Public authority
* Primary group

From the file content, we need the private authorities information only.

Therefore, we will use Query to extract the needed information (private authorities) from the file.

* Enter command WRKQRY
* Create a new query named LSTPRVAUT (Lists all private authorities on Objects.)
* Specify the input file name (here QTEMP/JMS). Be aware that files in QTEMP can not be queried in batch.

This selection avoids *PUBLIC authority and Owners authority to be listed and keeps private authorities only.

* Select an appropriate output type and output form
* Run the query and check the output


The Best Web Links: tips, tutorials and more.

Search400's targeted search engine: Get relevant information on security.

Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.

Check out this Featured Topic: Top ten security tips

Visit the ITKnowledge Exchange and get answers to your security questions fast.

* Enter option DO in front of the first object and press function key F13=Repeat to extend the option to all the objects in the library * Press Enter * Wait for the command to complete, this might run several minutes depending on the number of objects to proceed * Select and sequence the following fields (OASYST, OALIB, OANAME, OAUSR, OAOBJA) * Select the following records (OAUSR NE *PUBLIC and OAUSR NE OAOWN)

Dig Deeper on iSeries system and application security