RE: Auth lists - library or object level

Thanks Birgitta,

I may not have explained with clarity.

I want to use *AUTL to secure different environments and apply the *AUTL
to a library rather than to every object in the library.

So for example we have APP_A and APP_B, lets have library APP_A and APP_B.

I can then create two *AUTL, lets say AUTL_A and AUTL_B

I then set up the users like.

AUTL_A
*PUBLIC *EXCLUDE
USERA1 *ALL
USERA2 *ALL
USERA3 *CHANGE

AUTL_B
*PUBLIC *EXCLUDE
USERB1 *ALL
USERB2 *ALL
USERB3 *CHANGE

I then assign the *AUTL to the respective libraries.

But there were some objects in the library owned by different profiles
that the user was not authorised to and to get the user access would
require granting that user access to the owner profile, not the hole I
wanted to go down.

I was looking for some examples where this had been done.

But the SQL you provided will also be useful after I get this set up.

Thanks
Don

 

Don Brown

Senior Consultant
 
[1]OneTeam IT Pty Ltd
P: 1300 088 400

-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of
Birgitta Hauser
Sent: Tuesday, 25 November 2025 9:37 PM
To: 'Midrange Systems Technical Discussion'
<midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: RE: Auth lists - library or object level

I'm not quite sure, what exactly you search, but the following SQL example
can be found in the Examples List in ACS (Run SQL Scripts):

-- Description: Find objects not included in the authorization list for
-- Schema = TOYSTORE Authorization List = TOYSTOREAL With ALLOBJS
(OBJNAME, OBJDEFINER, OBJTYPE, SQL_OBJECT_TYPE) As (
Select OBJNAME, OBJDEFINER, OBJTYPE, SQL_OBJECT_TYPE
From Table (
QSYS2.OBJECT_STATISTICS('TOYSTORE', 'ALL')
) O
),
AUTLOBJS (OBJNAME) As (
Select SYSTEM_OBJECT_NAME
From QSYS2.AUTHORIZATION_LIST_INFO B
Where B.AUTHORIZATION_LIST = 'TOYSTOREAL'
)
Select A.OBJNAME, OBJDEFINER, OBJTYPE, SQL_OBJECT_TYPE
From ALLOBJS A
Left Exception Join AUTLOBJS B
On A.OBJNAME = B.OBJNAME;

Hope this helps

Mit freundlichen Gr��en / Best regards

Birgitta Hauser
Modernization - Education - Consulting on IBM i Database and Software
Architect IBM Champion since 2020

"Shoot for the moon, even if you miss, you'll land among the stars." (Les
Brown)
"If you think education is expensive, try ignorance." (Derek Bok) "What is
worse than training your staff and losing them? Not training them and
keeping them!"
"Train people well enough so they can leave, treat them well enough so
they don't want to. " (Richard Branson) "Learning is experience .
everything else is only information!" (Albert
Einstein)

-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Don
Brown via MIDRANGE-L
Sent: Tuesday, 25 November 2025 11:08
To: midrange-l@xxxxxxxxxxxxxxxxxx
Cc: Don Brown <dbrown@xxxxxxxxxxxxxxxx>
Subject: Auth lists - library or object level

I am trying to find some examples of using authorisation lists and
specifically from the point of view do I apply at the library level or the
individual object level.

For my requirement I think the library level will be perfect but I have
done a little testing and not getting the results I expected.

I have been searching for examples or a redbook but everything I have
found just goes into haw to create a list and how to apply it to an
obkect.

Hopefully someone will have a good link I can review.

Thanks

Don

Brisbane - Sydney - Melbourne

Don Brown

Senior Consultant

P: 1300 088 400

DISCLAIMER. Before opening any attachments, check them for viruses and
defects. This email and its attachments may contain confidential
information. If you are not the intended recipient, please do not read,
distribute or copy this email or its attachments but notify sender and
delete it. Any views expressed in this email are those of the individual
sender
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: [2]https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at
[3]https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: [4]https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at
[5]https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.

--
Message protected by MailGuard: e-mail anti-virus, anti-spam and content
filtering.
[6]https://www.mailguard.com.au

References

Visible links
1. https://www.oneteamit.com.au/
2. https://lists.midrange.com/mailman/listinfo/midrange-l
3. https://archive.midrange.com/midrange-l.
4. https://lists.midrange.com/mailman/listinfo/midrange-l
5. https://archive.midrange.com/midrange-l.
6. https://www.mailguard.com.au/