Same thing I said, I think. The more ways we can say this, the better to
On 1/2/2013 4:31 PM, Graap, Kenneth wrote:
Ah, thanks - this gives the full explanation - #2 is not done when the user has no
Here is the way I understand this ....
*ALLOBJ on his own. #3 will be the thing that is found, when a private *EXCLUDE is
set on the object for that user. The group's *ALLOBJ is never checked.
#2 checks for *ALLOBJ special authority, if you don't have it, then checking continues on to step #3... If the object is set to *EXCLUDE for this user, then authority checking stops...and access is denied.
But if you give a user *ALLOBJ authority via a GROUP profile this allows you to modify a user's access to individual objects via private authority or authority list settings, before access is allowed via *ALLOBJ.
Reply or Forwarded mail from: Kenneth E Graap