Commonly used authorities

You can specify certain sets of object and data authorities.

Certain sets of object and data authorities are commonly required to perform operations on objects. You can specify these system-defined sets of authority (*ALL, *CHANGE, *USE) instead of individually defining the authorities needed for an object. *EXCLUDE authority is different from having no authority: *EXCLUDE specifically denies access to the object, whereas having no authority means you use the public authority defined for the object. Table 1 shows the system-defined authorities available using the object authority commands and displays.

Table 1. System-defined authority
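| Authority | *ALL | *CHANGE | *USE | *EXCLUDE |
|---|---|---|---|---|
| Object Authorities | | | | |
| *OBJOPR | X | X | X | |
| *OBJMGT | X | | | |
| *OBJEXIST | X | | | |
| *OBJALTER | X | | | |
| *OBJREF | X | | | |
| Data Authorities | | | | |
| *READ | X | X | X | |
| *ADD | X | X | | |
| *UPD | X | X | | |
| *DLT | X | X | | |
| *EXECUTE | X | X | X | |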

Table 2 shows additional system-defined authorities that are available using the WRKAUT and CHGAUT commands:

Table 2. System-defined authority
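| Authority | *RWX | *RW | *RX | *R | *WX | *W | *X |
|---|---|---|---|---|---|---|---|
| Object Authorities | | | | | | | |
| *OBJOPR | X | X | X | X | X | X | X |
| *OBJMGT | | | | | | | |
| *OBJEXIST | | | | | | | |
| *OBJALTER | | | | | | | |
| *OBJREF | | | | | | | |
| Data Authorities | | | | | | | |
| *READ | X | X | X | X | | | |
| *ADD | X | X | | | X | X | |
| *UPD | X | X | | | X | X | |
| *DLT | X | X | | | X | X | |
| *EXECUTE | X | | X | | X | | X |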
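
The following added example is not IBM code. It encodes Tables 1 and 2 as data and applies the rule stated above: a private *EXCLUDE entry denies access, while a missing entry falls back to the public authority. It is a simplification that looks only at private and *PUBLIC entries on a single object; the user names, the ENTRIES layout and the function names are assumptions made for illustration.

```python
# Added example (not IBM code): Tables 1 and 2 as data, plus the
# *EXCLUDE versus no-authority rule. Simplified to private and *PUBLIC entries.
OBJ = ("*OBJOPR", "*OBJMGT", "*OBJEXIST", "*OBJALTER", "*OBJREF")
DATA = ("*READ", "*ADD", "*UPD", "*DLT", "*EXECUTE")

def _rwx(letters):
    """Table 2 set: *OBJOPR plus the data authorities selected by R/W/X."""
    auts = {"*OBJOPR"}
    if "R" in letters:
        auts.add("*READ")
    if "W" in letters:
        auts.update(("*ADD", "*UPD", "*DLT"))
    if "X" in letters:
        auts.add("*EXECUTE")
    return frozenset(auts)

# Table 1 first, so reverse lookups prefer *USE over the identical *RX set.
SETS = {
    "*ALL": frozenset(OBJ + DATA),
    "*CHANGE": frozenset(("*OBJOPR",) + DATA),
    "*USE": frozenset(("*OBJOPR", "*READ", "*EXECUTE")),
    "*EXCLUDE": frozenset(),
}
SETS.update({"*" + n: _rwx(n) for n in ("RWX", "RW", "RX", "R", "WX", "W", "X")})

def expand(aut):
    """Accept a system-defined name or a list of specific authorities."""
    return SETS[aut] if isinstance(aut, str) else frozenset(aut)

def effective(user, entries):
    """A private entry wins, even *EXCLUDE; only a missing entry uses *PUBLIC."""
    return expand(entries[user] if user in entries else entries["*PUBLIC"])

def allowed(user, entries, needed):
    """True when every authority in `needed` is in the user's effective set."""
    return frozenset(needed) <= effective(user, entries)

def name_of(auts):
    """Name the set matching `auts`, or 'USER DEF' (label chosen here) if none."""
    auts = frozenset(auts)
    return next((n for n, s in SETS.items() if s == auts), "USER DEF")

# Constructed sample entries for one object; the user names are made up.
ENTRIES = {
    "*PUBLIC": "*USE",
    "PAYCLERK": "*CHANGE",
    "CONTRACTOR": "*EXCLUDE",
    "OPER1": ["*OBJOPR", "*READ", "*ADD"],
}
```

With these entries, a user with no private entry can read the object through *PUBLIC, while CONTRACTOR cannot, even though *PUBLIC holds *USE.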

The LAN Server licensed program uses access control lists to manage authority. A user's authorities are called permissions. Table 3 shows how the LAN Server permissions map to object and data authorities:

Table 3. LAN server permissions
| Authority | LAN server permissions |
|---|---|
| *EXCLUDE | None |
| Object Authorities | |
| *OBJOPR | See note 1 |
| *OBJMGT | Permission |
| *OBJEXIST | Create, Delete |
| *OBJALTER | Attribute |
| *OBJREF | No equivalent |
| Data Authorities | |
| *READ | Read |
| *ADD | Create |
| *UPD | Write |
| *DLT | Delete |
| *EXECUTE | Execute |

Note 1: Unless NONE is specified for a user in the access control list, the user is implicitly given *OBJOPR.