Limiting access to files and data when creating files

Specifying authorities allows you to control access to a file.

Specifying authorities when creating files:

To specify public authority when you create a file, use the AUT parameter on the create command.

What public authority is:

Public authority is authority that is available to any user who does not have specific authority to the file or who is not a member of a group that has specific authority to the file. That is, if the user has specific authority to a file or the user is a member of a group with specific authority, then the public authority is not checked when a user performs an operation to the file. Public authority can be specified as:

• *LIBCRTAUT. All users that do not have specific user or group authority to the file have authority determined by the library in which the file is being created. The library value is specified by the *CRTAUT command to establish a public authority for this library.
• *CHANGE. All users that do not have specific user or group authority to the file have authority to use the file. The *CHANGE value is the default public authority. *CHANGE grants any user object operational and all data authorities.
• *USE. All users that do not have specific user or group authority to the file have authority to use the file. *USE grants any user object operational, execute, and read data authority.
• *EXCLUDE. Only the owner, security officer, users with specific authority, or users who are members of a group with specific authority can change or use the file.
• *ALL. All users that do not have specific user or group authority to the file have all data authorities and all object authorities.
• Authorization list name. An authorization list is a list of users and their authorities. The list allows users and their different authorities to be grouped together.

Specifying or changing authorities on existing files:

To specify or change public authority on an existing file, use the Edit Object Authority (EDTOBJAUT) , Grant Object Authority (GRTOBJAUT) , or Revoke Object Authority (RVKOBJAUT ) commands to grant or revoke the public authority of a file.

For more information about using the security function on the system, see the Security - Reference, SC41-5302-04 or the Tips and Tools for Securing Your AS/400, SC41-5300-04.