Sequence for restoring security information

Recovering your system often requires restoring data and associated security information. It is essential that you restore security information in the correct sequence. Otherwise, object ownership and authority information is not restored correctly and your applications might not run correctly.

Security information on your system consists of the following items:

  • User profiles and group profiles
  • Authorization lists
  • Authority holders
  • Authority information that is stored with objects:
    • Owner
    • Owner authority
    • Primary group
    • Primary group authority
    • Public authority
    • Authority list
  • Private authorities
  • Digital Certificate Manager (DCM) data
  • Function usage information

The recovery checklists include the correct sequence of steps for restoring security information. If you are developing your own restore procedure, restore security information in the following sequence:

  1. Restore user profiles.
    The user profile that owns an object must exist before the object can be restored.

    If you restore all user profiles (RSTUSRPRF USRPRF(*ALL)), you also restore authorization lists, authority holders, and other security information. Authorization lists and authority holders must also be on the system before you restore objects.

  2. Restore objects (RSTCFG, RSTLIB, RSTOBJ, RSTDLO or RST).
    This restores ownership and the authority information that is stored with the object.
  3. Use the Restore Authority (RSTAUT) command to restore the private authorities to objects.
Note: Alternatively, you can restore private authorities for objects by specifying the PVTAUT(*YES) parameter on the restore command.