The default for authority on newly-created objects is to adopt the create authority from the library. When a library is created, the default value for its create authority is derived from system value QCRTAUT. The default value for QCRTAUT is *CHANGE.

Be careful about changing this arrangement. In the case of non-file objects, public authority cannot be *EXCLUDE if they are to work. Output queues, for example, need public *CHANGE authority to function.

Consider changing the default on the CRTLIB command to public authority of *EXCLUDE and then selectively authorize users to the library, possibly through group profiles. Also take a look at authorization lists to secure individual objects in the library.

albartell wrote:
Thanks for everyone's input so far. One of the things that I would like to
implement is have everything be *PUBLIC *EXCLUDE as the default.  I know
this may cause more work on my end as I need to modify authorities for
specific objects, but it also keeps me from having to wonder if I should
have locked something down.
So my question.... How do I change it so newly created objects are *PUBLIC
Aaron Bartell

This thread ...

Return to Archive home page | Return to MIDRANGE.COM home page