Here's a way to list all private authorities from objects in a given library. This might help you during save and...
restore procedures where private authorities get lost.
Display object private authorities
During an object restore following attributes are kept:
* Owner value
* Primary Group profile value
* Authorization list value
* *PUBLIC authority value
As you might be aware of, private authorities get lost during a save/restore process even if the target system is the same as the source system.
The only way to avoid this -- it is a complicated process – but proceed as follows:
* Restore user profiles
* Restore objects
* Run command RSTAUT to reapply all the private authorities
This might be run during a system restore or migration but not when restoring a few objects or libraries to your system.
Therefore, it might be interesting to know, in a given library, which objects have such private authorities before restoring them, in order to reapply these private authorities manually.
I've written a short procedure to get a list about all private authorities on all objects in a given library.
Proceed with the following to get the list:
* Select option
* Work with objects
* In the field library, enter the specific library you want to scan for private authorities on objects (here SAUVAJE1)
* The other three fields must be left to value *ALL
The following steps have to be done only once, the first time you use this process:
* Press function key F16=User options
* Press function key F6=Create, to create a user defined option DO (or any other option value) for the DSPOBJAUT command. (Due to the fact that the command DSPOBJAUT does not allow *ALL as object name, you have to use this manual trick). * Enter following command string as Command value : DSPOBJAUT OBJ(&L/&N) OBJTYPE(&T) OUTPUT(*OUTFILE) OUTFILE(QTEMP/JMS) OUTMBR(*FIRST *ADD) The Display Object Authority results will be written in the above file QTEMP/JMS. This can be changed to any other value.
* Press Enter
* Use F3=Exit to return to the Work with Objects using the PDM screen displaying your library content
The command DSPOBJAUT displays the following information in the output file:
* All private authorities
* Authorization list name
* Public authority
* Primary group
From the file content, we need the private authorities information only.
Therefore, we will use Query to extract the needed information (private authorities) from the file.
* Enter command WRKQRY
* Create a new query named LSTPRVAUT (Lists all private authorities on Objects.)
* Specify the input file name (here QTEMP/JMS). Be aware that files in QTEMP can not be queried in batch.
This selection avoids *PUBLIC authority and Owners authority to be listed and keeps private authorities only.
* Select an appropriate output type and output form
* Run the query and check the output
MORE INFORMATION ON THIS TOPIC
The Best Web Links: tips, tutorials and more.
Search400's targeted search engine: Get relevant information on security.
Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.
Check out this Search400.com Featured Topic: Top ten security tips
Visit the ITKnowledge Exchange and get answers to your security questions fast.