CL Command Reference - GRTOBJAUT
Description:
The Grant Object Authority (GRTOBJAUT) command grants specific authority for the objects named in the command to another user or group of users.
Authority can be given to:
. Named users
. Users (*PUBLIC) who do not have specific authority to the object or the authorization list
. Users of the object referred to by the Reference object (REFOBJ) and Reference object type (REFOBJTYPE) parameters
. Authorization lists
If AUT(*AUTL) is specified, the PUBLIC authority for the object comes from the PUBLIC authority of the authorization list securing the object.
The AUTL parameter is used to secure an object with an authorization list or remove an authorization list from an object. User profiles cannot be secured by an authorization list (*AUTL).
This command can be used by an object's owner, or by a user with object management authority for the specified object. A user with object management authority can grant to other users any authority that the user has, except object management authority. Only the owner of the object, or someone with all object special authority (*ALLOBJ), can grant object management authority to a user.
A user with *ALL authority can assign a new authorization list.
When granting authority to users, the REPLACE parameter indicates whether the authorities you specify replace the user's existing authorities. The default value of REPLACE(*NO) gives the authority that you specify, but it does not remove any authority that is greater than you specified, unless you are granting *EXCLUDE authority. REPLACE(*YES) removes the user's current authorities, then grants the authority that you specify.
When granting authority with a reference object, this command gives the authority that you specify, but it does not remove any authority that is greater than you specified, unless you are granting *EXCLUDE authority.
This command gives the authority that you specify, but it does not remove any authority that is greater than you specified, unless you are granting *EXCLUDE authority or specify REPLACE(*YES).
Restrictions:
1. This command must get an exclusive lock on a database file before read or object operational authority can be given to a user.
2. If a user requests authority for another specified user to a device currently in use by another authorized user, authority to the device is not given.
3. Object type *AUTL cannot be specified.
4. AUT(*AUTL) is valid only with USER(*PUBLIC).
5. A user must either be the owner of the object or have *ALL authority to use the AUTL parameter.
6. The user must have object management authority to the object.
7. If the object is a file, the user must have object operational and object management authorities.
8. For display stations or for work station message queues associated with the display station, if this command is not entered at the device for which authorities are to be granted, it should be preceded by the Allocate Object (ALCOBJ) command and followed by the Deallocate Object (DLCOBJ) command.
9. You must have *USE authority to the auxiliary storage pool device if one is specified.
Note: Caution should be used when changing the public authority on IBM-supplied objects. For example, changing the public authority on the QSYSOPR message queue to be more restrictive than *CHANGE will cause some system programs to fail. The system programs will not have enough authority to send messages to the QSYSOPR message queue.
Examples:
Example 1: Granting Authority to All Users
GRTOBJAUT OBJ(USERLIB/PROGRAM1) OBJTYPE(*PGM) USER(*PUBLIC)
This command gives authority to use the object named PROGRAM1 to all users of the system who do not have authorities specifically given to them, who are not on an authorization list, whose user groups do not have authority to the object, or whose user groups are not on the authorization list. The object is a program (*PGM) located in the library named USERLIB. Because the AUT parameter is not specified, the authority given to all users is change authority. This allows all users to run the program and to debug it.
Example 2: Granting Object Management Authority
GRTOBJAUT OBJ(ARLIB/PROGRAM2) OBJTYPE(*PGM) USER(TMSMITH) AUT(*OBJMGT)
This command gives object management authority to the user named TMSMITH. This authority allows TMSMITH to grant to other users the authorities that TMSMITH personally holds for the object named PROGRAM2, which is a program located in the library named ARLIB.
Example 3: Granting Authority to Users on Authorization List
GRTOBJAUT OBJ(MYLIB/PRGM3) OBJTYPE(*PGM) AUTL(KLIST)
This command gives to users the authority specified for them on authorization list KLIST for the object named PRGM3. The object is a program located in library MYLIB.
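The REPLACE behavior described under Description matters most when an authority is being reduced. The following CL program is an added example, not part of the original reference; the library APPLIB, program PGM1 and user JDOE are constructed placeholder names. It shows a reduction from *CHANGE to *USE that does not take effect with the default REPLACE(*NO), the same reduction with REPLACE(*YES), and the *EXCLUDE case.

```cl
/* Added example. APPLIB, PGM1 and JDOE are constructed placeholders. */
PGM

  /* Setup: JDOE holds *CHANGE authority on the program.              */
  GRTOBJAUT  OBJ(APPLIB/PGM1) OBJTYPE(*PGM) USER(JDOE) +
               AUT(*CHANGE) REPLACE(*YES)

  /* Case 1: REPLACE is not specified, so REPLACE(*NO) applies.       */
  /* *USE is granted, but the greater *CHANGE authority that JDOE     */
  /* already holds is not removed.                                    */
  GRTOBJAUT  OBJ(APPLIB/PGM1) OBJTYPE(*PGM) USER(JDOE) AUT(*USE)
  DSPOBJAUT  OBJ(APPLIB/PGM1) OBJTYPE(*PGM) OUTPUT(*PRINT)

  /* Case 2: REPLACE(*YES) removes JDOE's current authorities and     */
  /* then grants *USE, so the reduction takes effect.                 */
  GRTOBJAUT  OBJ(APPLIB/PGM1) OBJTYPE(*PGM) USER(JDOE) +
               AUT(*USE) REPLACE(*YES)
  DSPOBJAUT  OBJ(APPLIB/PGM1) OBJTYPE(*PGM) OUTPUT(*PRINT)

  /* Case 3: *EXCLUDE is the exception. It removes the greater        */
  /* authority even though REPLACE(*NO) is in effect.                 */
  GRTOBJAUT  OBJ(APPLIB/PGM1) OBJTYPE(*PGM) USER(JDOE) AUT(*EXCLUDE)
  DSPOBJAUT  OBJ(APPLIB/PGM1) OBJTYPE(*PGM) OUTPUT(*PRINT)

ENDPGM
```

Comparing the three DSPOBJAUT listings confirms which authorities JDOE holds after each grant.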