IBM Power Systems

About This Blog

Warm wishes and welcome to all AS400 Administrators and Operators.



This is an exclusive blog for iSeries system administrators working anywhere in the world. It is also a place for guys and gals who want to share knowledge pertaining to iSeries. This blog has been designed for exchanging knowledge on AS400 or iSeries server administration and operations.



Thursday, April 15, 2010

Security Information Changes When an Object is Restored

When an object is restored to the system, the system uses the authority information stored with the object. The following applies to the security of the restored object:

Object Ownership

o If the profile that owns the object is on the system, ownership is restored to that profile.
o If the owner profile does not exist on the system, ownership of the object is given to the QDFTOWN (default owner) user profile.
o If the object exists on the system and the owner on the system is different from the owner on the save media, the object is not restored unless ALWOBJDIF(*ALL) is specified. In that case, the object is restored, and the owner on the system is used.
o See “Restoring Programs” on page 219 for additional considerations when restoring programs.

Primary Group
For an object that does not exist on the system:

o If the profile that is the primary group for the object is on the system, the primary group value and authority are restored for the object.
o If the profile that is the primary group does not exist on the system:
- The primary group for the object is set to none.
- The primary group authority is set to no authority.

When an existing object is restored, the primary group for the object is not changed by the restore operation.

Public Authority

o If the object being restored does not exist on the system, public authority is set to the public authority of the saved object.
o If the object being restored does exist and is being replaced, public authority is not changed. The public authority from the saved version of the object is not used.
o The CRTAUT for the library is not used when restoring objects to the library.

Authorization List
o If an object other than a document or folder already exists on the system and is linked to an authorization list, the ALWOBJDIF parameter determines the result:
- If ALWOBJDIF(*NONE) is specified, the existing object must have the same authorization list as the saved object. If not, the object is not restored.
- If ALWOBJDIF(*ALL) is specified, the object is restored. The object is linked to the authorization list associated with the existing object.
o If a document or folder that already exists on the system is restored, the authorization list associated with the object on the system is used. The authorization list from the saved document or folder is not used.
o If the authorization list does not exist on the system, the object is restored without being linked to an authorization list and the public authority is changed to *EXCLUDE.
o If the object is being restored on the same system from which it was saved, the object is linked to the authorization list again.
o If the object is being restored on a different system, the ALWOBJDIF parameter on the restore command is used to determine if the object is linked to the authorization list:
- If ALWOBJDIF(*ALL) is specified, the object is linked to the authorization list.
- If ALWOBJDIF(*NONE) is specified, the object is not linked to the authorization list and the public authority of the object is changed to *EXCLUDE.

Private Authorities
o Private authority is saved with user profiles rather than with objects.
o If user profiles have private authority to an object being restored, those private authorities are usually not affected. Restoring certain types of programs may result in private authorities being revoked.
o If an object is deleted from the system and then restored from a saved version, private authority for the object no longer exists on the system. When an object is deleted, all private authority to the object is removed from user profiles.
o If private authorities must be recovered, the Restore Authority (RSTAUT) command must be used. The normal sequence is:
a) Restore user profiles
b) Restore objects
c) Restore authority
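
The sequence above as CL commands, followed by checks for the ownership and authorization list outcomes described in this post. This is an added example, not part of the original post; the device TAP01, library APPLIB, file CUSTMAST and profile APPOWNER are hypothetical names.

```cl
/* Added example. TAP01, APPLIB, CUSTMAST and APPOWNER are          */
/* hypothetical names chosen for illustration.                      */

/* a) Restore user profiles first. Private authorities are saved    */
/*    with the user profiles, not with the objects.                 */
RSTUSRPRF DEV(TAP01) USRPRF(*ALL)

/* b) Restore the objects. With ALWOBJDIF(*NONE) an existing object */
/*    whose owner or authorization list differs from the saved      */
/*    version is not restored, so differences are not merged        */
/*    silently.                                                     */
RSTLIB SAVLIB(APPLIB) DEV(TAP01) ALWOBJDIF(*NONE)

/* c) Restore the private authorities of the restored profiles.     */
RSTAUT USRPRF(*ALL)

/* Check 1: objects whose owner profile was not on the system are   */
/*          now owned by QDFTOWN. List them.                        */
WRKOBJOWN USRPRF(QDFTOWN)

/* Check 2: review owner, primary group, authorization list,        */
/*          public authority and private authorities of a restored  */
/*          object.                                                 */
DSPOBJAUT OBJ(APPLIB/CUSTMAST) OBJTYPE(*FILE)

/* Fix: return an object held by QDFTOWN to its intended owner.     */
CHGOBJOWN OBJ(APPLIB/CUSTMAST) OBJTYPE(*FILE) NEWOWN(APPOWNER)
```

In the DSPOBJAUT output, an object that shows no authorization list and *PUBLIC *EXCLUDE matches the missing authorization list case described under Authorization List.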
