So I'm continuing down my Journey of Enlightenment with authorization.
I'm comfortable with using authorization lists, and it's really nice to
set the CRTAUT parameter on a library to a default authorization list.
But I'm running into a situation that I can't quite bring to an
intuitive resolution.
I have an AUTL in the CRTAUT parameter of the library. My AUTL has
three entries: *PUBLIC *EXCLUDE, the owner of the AUTL has *ALL
authority, and a second profile has *USE authority. The basic idea is
to have one full access user (the owner) and one read-only access user.
Individual user profiles that need access to the objects use one of
those two as their group profile, and nobody else has access. Simple
enough. I created a program to reset all the objects in a library and I
thought the simplest would be to revoke all individual authorities and
limit all access to the authorization list. Done that way, authorities
look like this:

    Object secured by authorization list . . . . . . . . . . . . MVXDATA

                            Object
    User        Group       Authority
    *PUBLIC                 *EXCLUDE

This works as desired. Only the profiles in the authorization list have
access. I'd love this to be the default, and to be honest it's kind of
what I expected would be assigned to a new object in the library. But
when I create a new object, it gets this authority:

    Object secured by authorization list . . . . . . . . . . . . MVXDATA

                            Object
    User        Group       Authority
    *PUBLIC                 *AUTL
    *GROUP      MOVEX       *ALL

I sort of understand the *PUBLIC *AUTL rather than *PUBLIC *EXCLUDE.
That allows me to actually open the objects up to public use through the
authorization list should I choose to do so. But what bothers me is the
entry for MOVEX. MOVEX is the owner of the authorization list. MOVEX
has *ALL authority in my authorization list. Do I also need it in each
object? I guess I'm wondering what would be the downside of removing
the private authority for user MOVEX and instead relying solely on the
authorization list? Sure, if I change the authorization list I can
theoretically remove access for even the file's owner, but that's on me
(and is easy to fix).
I just think it's cleaner to remove all private authority, even for the
owner. But maybe I'm missing something?
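
The two object states shown in the post, run through a simplified model of the IBM i authority lookup order (user, then group, then *PUBLIC), as an added example that is not part of the original message. MVXREAD, ALICE, BOB and CAROL are hypothetical names; *ALLOBJ, object ownership, adopted authority and multiple groups are not modelled.

```python
# Simplified model: the first authority found wins, searched user -> group -> *PUBLIC.
# For each profile, an entry on the object itself is checked before the AUTL entry.

def lookup(profile, obj, autl):
    """Authority found for one profile, or None if it has no entry anywhere."""
    if profile in obj["object_level"]:          # private / primary group entry
        return obj["object_level"][profile]
    if obj["autl"] and profile in autl:         # entry on the securing AUTL
        return autl[profile]
    return None

def effective_authority(user, group, obj, autl):
    for profile in (user, group):
        if profile is None:
            continue
        found = lookup(profile, obj, autl)
        if found is not None:
            return found
    public = obj["public"]
    return autl["*PUBLIC"] if public == "*AUTL" else public

# AUTL as described in the post; MVXREAD stands in for the unnamed *USE profile.
MVXDATA = {"*PUBLIC": "*EXCLUDE", "MOVEX": "*ALL", "MVXREAD": "*USE"}

# Object after the reset program: only the AUTL, *PUBLIC *EXCLUDE on the object.
RESET_OBJ = {"autl": "MVXDATA", "public": "*EXCLUDE", "object_level": {}}
# Newly created object: *PUBLIC *AUTL plus the *GROUP MOVEX *ALL entry.
NEW_OBJ = {"autl": "MVXDATA", "public": "*AUTL", "object_level": {"MOVEX": "*ALL"}}

# Constructed users and their group profiles.
USERS = {"ALICE": "MOVEX", "BOB": "MVXREAD", "CAROL": None}

def access_matrix(autl):
    """Effective authority of every sample user on both object states."""
    return {(user, name): effective_authority(user, group, obj, autl)
            for name, obj in (("reset", RESET_OBJ), ("new", NEW_OBJ))
            for user, group in USERS.items()}

if __name__ == "__main__":
    print("AUTL as posted:")
    for key, aut in access_matrix(MVXDATA).items():
        print(" ", key, aut)
    # Tighten the AUTL: MOVEX drops to *USE. The object-level entry is unaffected.
    tightened = dict(MVXDATA, MOVEX="*USE")
    print("AUTL with MOVEX reduced to *USE:")
    for key, aut in access_matrix(tightened).items():
        print(" ", key, aut)
```

With the AUTL as posted, both object states resolve identically for all three users. They diverge only after the AUTL is changed, because the object-level entry is found before the AUTL entry.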
This mailing list archive is Copyright 1997-2026 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited.