April 11

0 comments

Use IBM i Authorization Lists to Control Access

By NickLitten

April 11, 2022

AUTL

How can I use IBM i authorization lists to control access?

IBM i (AS400/iSeries) authorization lists are a powerful tool for controlling access to objects within your system. Let’s explore how you can effectively use them:

  1. Understanding Authorization Lists:
  • An authorization list is an object that contains a list of user profiles and their associated object authorities.
  • By granting or denying access to the authorization list, you control access to all objects covered by that list.
  • Authorization lists provide a layer of abstraction between users and objects, simplifying security management.
  1. Creating an Authorization List:
  • To create an authorization list, use the CRTAUTL command.
  • Specify the list’s name, description, and any initial user profiles you want to include.
  • For example:
    shell CRTAUTL AUTL(MYLIB/MYAUTL) TEXT('My Authorization List') AUT(*EXCLUDE) OBJAUT(*ALL)
    This creates an authorization list named MYAUTL in library MYLIB, excluding all users initially.
  1. Adding User Profiles:
  • Use the ADDAUTLE command to add user profiles to an authorization list.
  • For example:
    shell ADDAUTLE AUTL(MYLIB/MYAUTL) USER(USER1) AUT(*USE)
    This grants use authority to USER1 for all objects covered by MYAUTL.
  1. Assigning Authorization Lists to Objects:
  • Use the CHGOBJAUT command to assign an authorization list to an object.
  • For example:
    shell CHGOBJAUT OBJ(MYLIB/MYFILE) OBJTYPE(*FILE) AUTL(MYLIB/MYAUTL)
    This associates MYAUTL with the file MYFILE.
  1. Checking Authorization List Entries:
  • Use the DSPAUTLE command to display the contents of an authorization list.
  • For example:
    shell DSPAUTLE AUTL(MYLIB/MYAUTL)
    This shows the user profiles and their associated authorities in MYAUTL.
  1. Reviewing and Maintaining:
  • Regularly review and update your authorization lists.
  • Remove or modify user profiles as needed.
  • Ensure that only authorized users have access to critical objects.

Remember that authorization lists provide a flexible and efficient way to manage security. By using them effectively, you can control access to your IBM i objects with precision. If you need further assistance or have specific scenarios, feel free to ask in the comment section!

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Join the IBM i Community for FREE Presentations, Lessons, Hints and Tips

>