× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. May 2017

Re: Mass authority change?

Justin:

NOTE: if any of these PFs or LFs are "in use" your efforts to change the private authorities will fail. So, not something you can easily do "during the day" or while "production" jobs are running. Perhaps later at night? You might need to hold some job queues, and allow any currently running jobs to "quiesce"...

Also, while you are doing this, you could create an "authorization list" (CRTAUTL ...) where the name of the *AUTL is the same as the library containing those objects. Then, when you do that operation to change the authority on those objects, you can attach the *AUTL to each object,

Specify the *AUTL for the entire library, e.g. CHGLIB LIB(XYZ) CRTAUT(XYZ) -- that way, any new objects created in this library will have that *AUTL attached automatically by default.

Then, your objects should have only the object owner (with *ALL authority) and *PUBLIC *USE or *EXCLUDE (depending on your security requirements), and all other private authorities (using "role based" group profiles as much as possible) assigned via the authorization list.

The *AUTL adds "one more level of indirection" and so then you will be able to make future authority changes to the *AUTL, during the day, while these applications are "active."

Having only the OWNER, *PUBLIC and an *AUTL defined for "private authority" on objects allows the Operating System to use a "fast path" for determining whether a user is "authorized" to a particular object.

Hope that helps,

Mark S.Waterbury

> On 5/16/2017 1:19 PM, Justin Taylor wrote:
I have an existing library with a large number of PF's & LF's. I have a service account that I want to set *EXCLUDE for every one of those PF's & LF's (then I will grant authority to the few that are actually needed). Is there a good way to do this?

Thanks



As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.