Manage Learn to apply best practices and optimize your operations.

Display all objects private authorities from a given library

Here's a way to list all private authorities from objects in a given library. This might help you during save and restore procedures where private authorities get lost.

Here's a way to list all private authorities from objects in a given library. This might help you during save and...

restore procedures where private authorities get lost.

Display object private authorities

During an object restore following attributes are kept:

* Owner value
* Primary Group profile value
* Authorization list value
* *PUBLIC authority value

As you might be aware of, private authorities get lost during a save/restore process even if the target system is the same as the source system.

The only way to avoid this -- it is a complicated process – but proceed as follows:

* Restore user profiles
* Restore objects
* Run command RSTAUT to reapply all the private authorities

This might be run during a system restore or migration but not when restoring a few objects or libraries to your system.

Therefore, it might be interesting to know, in a given library, which objects have such private authorities before restoring them, in order to reapply these private authorities manually.

I've written a short procedure to get a list about all private authorities on all objects in a given library.

Proceed with the following to get the list:

* Select option
* Work with objects
* In the field library, enter the specific library you want to scan for private authorities on objects (here SAUVAJE1)
* The other three fields must be left to value *ALL

The following steps have to be done only once, the first time you use this process:

* Press function key F16=User options
* Press function key F6=Create, to create a user defined option DO (or any other option value) for the DSPOBJAUT command. (Due to the fact that the command DSPOBJAUT does not allow *ALL as object name, you have to use this manual trick). * Enter following command string as Command value : DSPOBJAUT OBJ(&L/&N) OBJTYPE(&T) OUTPUT(*OUTFILE) OUTFILE(QTEMP/JMS) OUTMBR(*FIRST *ADD) The Display Object Authority results will be written in the above file QTEMP/JMS. This can be changed to any other value.
* Press Enter
* Use F3=Exit to return to the Work with Objects using the PDM screen displaying your library content

* Enter option DO in front of the first object and press function key F13=Repeat to extend the option to all the objects in the library
* Press Enter
* Wait for the command to complete, this might run several minutes depending on the number of objects to proceed

The command DSPOBJAUT displays the following information in the output file:

* All private authorities
* Authorization list name
* Public authority
* Primary group

From the file content, we need the private authorities information only.

Therefore, we will use Query to extract the needed information (private authorities) from the file.

* Enter command WRKQRY
* Create a new query named LSTPRVAUT (Lists all private authorities on Objects.)
* Specify the input file name (here QTEMP/JMS). Be aware that files in QTEMP can not be queried in batch.

* Select and sequence the following fields (OASYST, OALIB, OANAME, OAUSR, OAOBJA)

* Select the following records (OAUSR NE *PUBLIC and OAUSR NE OAOWN)

This selection avoids *PUBLIC authority and Owners authority to be listed and keeps private authorities only.

* Select an appropriate output type and output form
* Run the query and check the output


The Best Web Links: tips, tutorials and more.

Search400's targeted search engine: Get relevant information on security.

Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.

Check out this Featured Topic: Top ten security tips

Visit the ITKnowledge Exchange and get answers to your security questions fast.

Dig Deeper on iSeries system and application security

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.