Examples: How the system restores authority

When you run the Restore Authority (RSTAUT) command, the system grants all the private authorities that it finds in each authority reference table.

The user's private authorities after the command are both of the following items:

  • The authorities from the temporary authority reference table.
  • Any authorities that are granted to the user since the save operation.

How the system restores authority–Example 1: Assume that the authority to PRICES looks like this at the time of the save operation:


                      Display Object Authority

Object . . . . . . . :   PRICES          Owner  . . . . .
  Library  . . . . . :     CONTRACTS     Primary group  .
Object type  . . . . :   *FILE
Object secured by authorization list  . . . . . . . . . .

                         Object
User        Group       Authority
OWNCP                   *ALL
DPTSM                   *CHANGE
DPTMG                   *CHANGE
WILSONJ                 *USE
*PUBLIC                 *EXCLUDE
Note: Your display looks different when your user profile has a user option setting of *EXPERT.

After you save security information, you grant and revoke several authorities to the PRICES file. Just before the restore operation, the authority looks as follows:


                      Display Object Authority

Object . . . . . . . :   PRICES          Owner  . . . . .
  Library  . . . . . :     CONTRACTS     Primary group  .
Object type  . . . . :   *FILE
Object secured by authorization list  . . . . . . . . . .

                         Object
User        Group       Authority
OWNCP                   *ALL
DPTSM                   *USE
DPTMG                   *CHANGE
WILSONJ                 *EXCLUDE
ANDERSP                 *USE
*PUBLIC                 *EXCLUDE

If authority is restored for all users, the authority to the PRICES file looks as follows:


                      Display Object Authority

Object . . . . . . . :   PRICES          Owner  . . . . .
  Library  . . . . . :     CONTRACTS     Primary group  .
Object type  . . . . :   *FILE

Object secured by authorization list  . . . . . . . . . .

                         Object
User        Group       Authority
OWNCP                   *ALL
DPTSM                   *CHANGE
DPTMG                   *CHANGE
WILSONJ                 *USE
ANDERSP                 *USE
*PUBLIC                 *EXCLUDE

Authorities for DPTSM and WILSONJ are restored to the values they have on the save media. The authority for ANDERSP remains, even though it did not exist on the save media.

How the system restores authority–Example 2: Assume that the authority for the PRICES file looks like this just before the restore operation:


                      Display Object Authority

Object . . . . . . . :   PRICES          Owner  . . . . .
  Library  . . . . . :     CONTRACTS     Primary group  .
Object type  . . . . :   *FILE

Object secured by authorization list  . . . . . . . . . .

                         Object
User        Group       Authority
OWNCP                   *ALL
DPTMG                   *CHANGE
WILSONJ                 *CHANGE
*PUBLIC                 *USE

If authority is restored for all users, the authority to the PRICES file looks as follows:


                      Display Object Authority

Object . . . . . . . :   PRICES          Owner  . . . . .
  Library  . . . . . :     CONTRACTS     Primary group  .
Object type  . . . . :   *FILE

Object secured by authorization list  . . . . . . . . . .

                         Object
User        Group       Authority
OWNCP                   *ALL
DPTSM                   *CHANGE
DPTMG                   *CHANGE
WILSONJ                 *CHANGE
*PUBLIC                 *USE

Notice that WILSONJ still has *CHANGE authority. The authority from the save media (*USE) is granted to WILSONJ, but the authority WILSONJ already has is not revoked. *USE authority is added to *CHANGE authority, so WILSONJ has *CHANGE authority.

Notice also that *PUBLIC authority is not affected by this process. Public authority is stored with the object and is handled when the object is restored. If public authority on the system is different from public authority on the save media, the public authority on the system is used.

Authority is restored to the object with the same name in the same library. In some cases, this might result in restoring authority to a different object.

If you restore authorities for an independent auxiliary storage pool (ASP), you can use the SAVASPDEV to limit the authorities that you restore. For example, you can limit the authorities to a specific independent ASP, or an ASP group. Authority is restored to the object with the same name in the same library and the same independent ASP, unless you specify another value for the RSTASPDEV parameter. A user will have separate authority reference tables for each independent ASP to which he is authorized.

Assume that you delete program PGMA in library CUSTLIB. You create a new program with the same name but different function. If you restore authority, users who were authorized to the original PGMA are now authorized to the new PGMA.