IBM Power Systems
About This Blog
Warm wishes and welcome to all AS400 Administrators and Operators.
This is exclusive blog for iSeries system Administrators working anywhere in the world. Also a place for guys and gals who want to share knowledge pertaining to iSeries. This blog has been designed for exchanging knowledge on AS400 or iSeries server administration and operations.
Thursday, April 15, 2010
Checking System Authority
When a user attempts to perform an operation on an object, the system verifies that the user has authority for the operation. The system first checks authority to the object library. If the authority to the library is adequate, the system checks authority to the object itself. In the case of database files, authority checking is done at the time the file is opened, not when each individual operation to the file is performed.
During the authority-checking process, when any authority is found (even if it is not adequate for the requested operation) authority checking stops and access is granted or denied. Adopted authority function is the exception to this rule. Adopted authority can override any specific (and inadequate) authority found. See the topic Objects That Adopt the Owner's Authority in the Security Reference manual for more information about adopted authority.
The system verifies a user's authority to an object in the following order:
1. User's *ALLOBJ special authority
2. User's specific authority to the object
3. User's authority on the authorization list securing the object
4. Group's *ALLOBJ special authority
5. Group's authority to the object -- see Note below.
6. Group's authority on the authorization list securing the object
7. Public authority specified for the object or for the authorization list securing the object
8. Program owner's authority, if adopted authority is used
Note: Authority from one or more of the user's groups may be accumulated to find sufficient authority for the object being accessed.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment