Ah, thanks - this gives the full explanation - #2 is not done when the user has noHere is the way I understand this ....
*ALLOBJ on his own. #3 will be the thing that is found, when a private *EXCLUDE is
set on the object for that user. The group's *ALLOBJ is never checked.
#2 checks for *ALLOBJ special authority, if you don't have it, then checking continues on to step #3... If the object is set to *EXCLUDE for this user, then authority checking stops...and access is denied.
But if you give a user *ALLOBJ authority via a GROUP profile this allows you to modify a user's access to individual objects via private authority or authority list settings, before access is allowed via *ALLOBJ.
Reply or Forwarded mail from: Kenneth E Graap
This mailing list archive is Copyright 1997-2015 by MIDRANGE dot COM and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available here. If you have questions about this, please contact