After, you create an user profile in AS400, it is required for Admin to ensure this user profile has been added to relevant authorization list.
What is Authorization list and how is it useful?
An Authorization list is a special system level object that resides in QSYS library with object type *AUTL. It simply defines user authority for objects belong to the list. Instead of providing individual private authority to an object when it is created, it is better to associate an object with appropriate Authorization list. The list will control individual and *PUBLIC authority of the object in the list.
It is beneficial in following way:-
1- Individual size of user profile is kept much lower by using Authorization list.
2- System performance is improved when running SAVSYS backup and saving security information by using SAVSECDTA.
3- Security changes can be made to object when the list are open and active. Only objects with private authority needs to be used when not in use.
How to create Authorization list?
Use command CRTAUTL to create a new Authorization list.
Set *PUBLIC authority level using AUT parameter.
Once this is created you can work on it using EDTAUTL command.
You can grant object authority by GRTOBJAUT command or by adding objects to the list by ADDAUTLE.
Steps to create authorization list and add users is listed below.
1- Create authorization list, example
CRTAUTL AUTL(JOBSC) TEXT('job scheduler job')
When you do this the *PUBLIC authority will get the authority that you have selected, I have selected *CHANGE
Your ID will be added to this authorization list as you are the owner.
2- Add the objects that you want to secure using this AUTL.
The objects that you want to secure needs to be added to this AUTL. This can be done by EDTAUTL command. Here I want to secure CRTAUTL command access. So, I did the following
What is Authorization list and how is it useful?
An Authorization list is a special system level object that resides in QSYS library with object type *AUTL. It simply defines user authority for objects belong to the list. Instead of providing individual private authority to an object when it is created, it is better to associate an object with appropriate Authorization list. The list will control individual and *PUBLIC authority of the object in the list.
It is beneficial in following way:-
1- Individual size of user profile is kept much lower by using Authorization list.
2- System performance is improved when running SAVSYS backup and saving security information by using SAVSECDTA.
3- Security changes can be made to object when the list are open and active. Only objects with private authority needs to be used when not in use.
How to create Authorization list?
Use command CRTAUTL to create a new Authorization list.
Set *PUBLIC authority level using AUT parameter.
Once this is created you can work on it using EDTAUTL command.
You can grant object authority by GRTOBJAUT command or by adding objects to the list by ADDAUTLE.
Steps to create authorization list and add users is listed below.
1- Create authorization list, example
CRTAUTL AUTL(JOBSC) TEXT('job scheduler job')
When you do this the *PUBLIC authority will get the authority that you have selected, I have selected *CHANGE
Your ID will be added to this authorization list as you are the owner.
2- Add the objects that you want to secure using this AUTL.
The objects that you want to secure needs to be added to this AUTL. This can be done by EDTAUTL command. Here I want to secure CRTAUTL command access. So, I did the following
You can check the objects by taking F15 after entering the AUTL list.
3- Add other users that you want to secure via this authorization list.
ADDAUTLE command would do this
You can check the users added to this AUTL by taking option 5 next to the AUTL.
You can delete the authorization list by DLTAUTL command.
No comments:
Post a Comment