View Full Version : Autorisation list manipulation
01-01-1995, 02:00 AM
Hello all, I am writing a program to change the security attributes of objects to follow some standards that we are puting in place. At one point, I need to remove the autorisation list associated with an object. I know I can use the EDTOBJAUT command but I need a way to do it in batch. At V4R4M0, I can do it with the command GRTOBJAUT OBJ(xxx) OBJTYPE(xxx) AUTL(*NONE). But this does not works with earlier version. Does any one know of a way to do this in a CL program? (I need a solution that works at v4r2) thanks
09-05-2000, 02:39 PM
Denis, The only way I know of, is the AUT keyword on GRTOBJAUT. This will set the authority from *exclude to *ALL for a user profile or group profile. Hope this helps, Bret
09-05-2000, 04:15 PM
Does CHGAUT exist at V4R2, and does it allow AUTL(*NONE)?
09-05-2000, 04:25 PM
What about Revoke Object Authority (RVKOBJAUT)? I believe you can run it in batch, but I am not certain any longer. There must be a way to manipulate authority in batch mode because my old group used a batch job to reset production authorities after each and every installation. So, if RVKOBJAUT won't do the trick, there must be something out there that will. Have you tried this command?
09-06-2000, 06:24 AM
CHGAUT will do the trick. I will just have to use IFS notation. But in IFS notation an object is specified like this: /qsys.lib/mylib.lib/object.type The part (/qsys.lib/mylib.lib/object.) is easy to compute in a CL but the last part (type) is not obvious for me. I know that "lib" is for library. I guess "pgm" is for program but there are a lot of different object type. Is there an easy way to find out the correct extention in IFS notation for any object?
09-06-2000, 06:28 AM
RVKOBJAUT will work. But I need to specified the name the the autorisation list to be revoked (there are no special word like *none). Unfortunatly, to extract the name of the autorisation liste associated with an object, I must go trought the process of generating an outfile and then reading it. Do you know of an easier way to get the name of the autorization list?
09-06-2000, 12:35 PM
The type is always the object type. If you were changing it for program (*PGM) MyPgm in lib MyLib, it would be /qsys.lib/MyLib.lib/MyPgm.pgm For a user space (*usrspc) MyUsrSpace, it would be /qsys.lib/MyLib.lib/MyUsrSpace.usrspc I don't know if it'll allow something like /qsys.lib/mylib.lib/*. Also, for files and members, I don't know if you'd have to do them separately or what the implications of doing one but not the other would be: /qsys.lib/MyLib.lib/MyFile.file/MyMbr.mbr /qsys.lib/MyLib.lib/MyFile.file
Powered by vBulletin® Version 4.1.5 Copyright © 2013 vBulletin Solutions, Inc. All rights reserved.