We put updateable objects (files, data queues, etc.) in one library and
static stuff (programs) in another. Everything in the one library is
secured by one authorization list. Everything in the other is secured by
a different authorization list. Users are listed in the authorization
lists. In one they have *ALL, in the other *USE. See also CHGLIB DATALIB
CRTAUT(DATAAUTL) to assign an authorization list to all new objects
created in that library.

An alternative philosophy is that the users have *EXCLUDE to all data
objects. They can only access those objects with adopted authority
programs. This stops them dead from accessing data with Query/400,
downloading to their PC's, etc. Frankly that wouldn't fly here.


It's also been my belief that daily close is not normally initiated by
some user going to a command line and typing in:
It's normally from some 5250 menu. And the menu system is not a menu
created with CRTMNU. The individual options are stored in a file and the
options are restricted by user. So, if you're 5250 based, web based, or
whatever you may want to see if you can adopt some adaptation of this into
your system.

See also "Changing to level 30 from a lower level":

Rob Berendt

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].