On 16/09/2008, at 1:56 AM, Alan Shore wrote:

I like Authorization lists, and I have used them a lot, but the unfortunate
thing with authorization lists is that if a user has *ALLOBJ, it makes no
difference whether that user is or is not on the authorization list. Unless
things have changed in the last 4 years since I last used one.

So what part of *ALLOBJ = "Authority to all objects" is unclear to you? That's how it's supposed to work. If you have given *ALLOBJ to a user they have rights to everything. If you want to limit a user's authority then don't give them *ALLOBJ.

Regards,
Simon Coulter.
--------------------------------------------------------------------
FlyByNight Software OS/400, i5/OS Technical Specialists

http://www.flybynight.com.au/
Phone: +61 2 6657 8251 Mobile: +61 0411 091 400 /"\
Fax: +61 2 6657 8251 \ /
X
ASCII Ribbon campaign against HTML E-Mail / \
--------------------------------------------------------------------




This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].