MIDRANGE dot COM Mailing List Archive



Home » MIDRANGE-L » November 2006

Re: Setting up user security on development machine



fixed

The default for authority on newly-created objects is to adopt the create authority from the library. When a library is created, the default value for its create authority is derived from system value QCRTAUT. The default value for QCRTAUT is *CHANGE.

Be careful about changing this arrangement. In the case of non-file objects, public authority cannot be *EXCLUDE if they are to work. Output queues, for example, need public *CHANGE authority to function.

Consider changing the default on the CRTLIB command to public authority of *EXCLUDE and then selectively authorize users to the library, possibly through group profiles. Also take a look at authorization lists to secure individual objects in the library.

albartell wrote:
Thanks for everyone's input so far. One of the things that I would like to
implement is have everything be *PUBLIC *EXCLUDE as the default.  I know
this may cause more work on my end as I need to modify authorities for
specific objects, but it also keeps me from having to wonder if I should
have locked something down.
So my question.... How do I change it so newly created objects are *PUBLIC
*EXCLUDE?
Thanks,
Aaron Bartell
http://mowyourlawn.com





Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2014 by MIDRANGE dot COM and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available here. If you have questions about this, please contact