Defining how information can be accessed
You can define what operations can be preformed on objects, data, and fields.
Authority means the type of access allowed to an object.
Different operations require different types of authority.
Note: In some
environments, the authority associated with an object is called the object's mode
of access.
Authority to an object is divided into three categories:
- Object authority defines what operations can be performed on the object as a whole.
- Data authority defines what operations can be performed on the contents of the object.
- Field authority defines what operations can be performed on the data fields.
Table 1 describes the types of authority available and lists some examples of how the authorities are used. In most cases, accessing an object requires a combination of object, data, field authorities. Authority required for objects used by commands provides information about the authority that is required to perform a specific function.
| Authority | Name | Functions allowed |
|---|---|---|
| Object Authorities: | ||
| *OBJOPR | Object Operational | Look at the description of an object. Use the object as determined by the user's data authorities. |
| *OBJMGT | Object Management | Specify the security for the object. Move or rename the object. All functions defined for *OBJALTER and *OBJREF. |
| *OBJEXIST | Object Existence | Delete the object. Free storage of the object. Perform save and restore operations for the object1. Transfer ownership of the object. |
| *OBJALTER | Object Alter | Add, clear, initialize and reorganize members of the database files. Alter and add attributes of database files: add and remove triggers. Change the attributes of SQL packages. |
| *OBJREF | Object Reference | Specify a database file as the parent in a referential constraint. For example, you want to define a rule that a customer record must exist in the CUSMAS file before an order for the customer can be added to the CUSORD file. You need *OBJREF authority to the CUSMAS file to define this rule. |
| *AUTLMGT | Authorization List Management | Add and remove users and their authorities from the authorization list2. |
| Data Authorities: | ||
| *READ | Read | Display the contents of the object, such as viewing records in a file. |
| *ADD | Add | Add entries to an object, such as adding messages to a message queue or adding records to a file. |
| *UPD | Update | Change the entries in an object, such as changing records in a file. |
| *DLT | Delete | Remove entries from an object, such as removing messages from a message queue or deleting records from a file. |
| *EXECUTE | Execute | Run a program, service program, or SQL package. Locate an object in a library or a directory. |
| Field Authorities: | ||
| *MGT | Management | Specify the security for the field. |
| *ALTER | Alter | Change the attributes of the field. |
| *REF | Reference | Specify the field as part of the parent key in a referential constraint. |
| *READ | Read | Access the contents of the field. For example, display the contents of the field. |
| *ADD | Add | Add entries to data, such as adding information to a specific field. |
| *UPDATE | Update | Change the content of existing entries in the field. |
|
||