The authority (AUT) parameter is used in create, grant, and revoke
commands. It specifies the authority granted to all users of an object.
The AUT parameter also specifies an authorization list that is
used to secure the object. Four object types allow the AUT parameter to contain
an authorization list: LIB, PGM, DTADCT, and FILE.
Public authority is an i5/OS® object attribute that controls
the base set of rights to that object for all users having access to the system.
These rights can be extended or reduced for specific users. If you specify
an authorization list, the public authority in the authorization list is the
public authority for the object. The owner of an object has all authority
to the object at its creation.
If the object is created as a private
object or with the limited authority given to all users, the owner can grant
more or less authority to specific users by specifically naming them and stating
their authority in the Grant Object Authority (GRTOBJAUT) command.
The owner also can withdraw specific authority from specific users, or from
all users (publicly authorized, specifically authorized, or both) by using
the Revoke Object Authority (RVKOBJAUT) command or the Edit
Object Authority (EDTOBJAUT) command.
Values allowed
- *LIBCRTAUT
- The public authority for the object is taken from the value on the CRTAUT
parameter of the target library (the library that is to contain the object).
The public authority is determined when the object is created. If the CRTAUT
value for the library changes after the object is created, the new value does
not affect any existing objects.
- *USE
- You can perform basic operations on the object, such as running a program
or reading a file. You cannot change the object. *USE authority provides
object operational authority, read authority, and execute authority.
- *CHANGE
- You can perform all operations on the object except those limited to the
owner or controlled by object existence authority and object management authority.
You can change and perform basic functions on the object. Change authority
provides object operational authority and all data authority.
- *ALL
- You can perform all operations except those limited to the owner or controlled
by authorization list management authority. You can control the object's
existence, specify the security for the object, change the object, and perform
basic functions on the object. You also can change ownership of the object.
- *EXCLUDE
- You cannot access the object.
- *EXECUTE
- You can run a program or procedure or search a library or directory.
- authorization-list-name
- Specify the name of the authorization list whose authority is used.
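
The following CL sequence is an added example, not part of the original reference text. It shows how AUT(*LIBCRTAUT) is resolved once at creation time, how an authorization list supplies public authority, and how specific users are granted and revoked authority. The names APPLIB, ORDERS, PRICES, INVOICES, ORDAUTL and CLERK1 are hypothetical, and the user profile CLERK1 is assumed to exist already.

```cl
/* Added example. APPLIB, ORDERS, PRICES, INVOICES, ORDAUTL and   */
/* CLERK1 are hypothetical names; CLERK1 must already exist.      */
PGM

/* New objects in APPLIB default to public *CHANGE.               */
CRTLIB     LIB(APPLIB) AUT(*USE) CRTAUT(*CHANGE)

/* *LIBCRTAUT is resolved now: ORDERS gets public *CHANGE.        */
CRTPF      FILE(APPLIB/ORDERS) RCDLEN(132) AUT(*LIBCRTAUT)

/* Tighten the library default. ORDERS is NOT affected and still  */
/* carries public *CHANGE.                                        */
CHGLIB     LIB(APPLIB) CRTAUT(*EXCLUDE)

/* Created after the change: PRICES gets public *EXCLUDE.         */
CRTPF      FILE(APPLIB/PRICES) RCDLEN(132) AUT(*LIBCRTAUT)

/* Existing objects must be corrected explicitly.                 */
GRTOBJAUT  OBJ(APPLIB/ORDERS) OBJTYPE(*FILE) USER(*PUBLIC) +
             AUT(*EXCLUDE) REPLACE(*YES)

/* Extend rights for one named user beyond the public authority.  */
GRTOBJAUT  OBJ(APPLIB/ORDERS) OBJTYPE(*FILE) USER(CLERK1) AUT(*USE)

/* Secure a file with an authorization list: the public authority */
/* of ORDAUTL (*EXCLUDE) becomes the public authority of INVOICES.*/
CRTAUTL    AUTL(ORDAUTL) AUT(*EXCLUDE)
CRTPF      FILE(APPLIB/INVOICES) RCDLEN(132) AUT(ORDAUTL)

/* Withdraw the specific authority given to CLERK1 earlier.       */
RVKOBJAUT  OBJ(APPLIB/ORDERS) OBJTYPE(*FILE) USER(CLERK1) AUT(*USE)

/* Review the resulting authorities on each object.               */
DSPOBJAUT  OBJ(APPLIB/ORDERS) OBJTYPE(*FILE)
DSPOBJAUT  OBJ(APPLIB/PRICES) OBJTYPE(*FILE)
DSPOBJAUT  OBJ(APPLIB/INVOICES) OBJTYPE(*FILE)

ENDPGM
```

After tightening a library's CRTAUT value, review objects created earlier with AUT(*LIBCRTAUT), because they keep the public authority that was in effect when they were created.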