Authority records

An authority record is the set of authorities that have been granted to a particular user or group of users (entities) on a named object.

On objects on Windows, we can create authority records for individual users and for groups of users. On UNIX, Linux , and IBM® i, we can create authority records only for groups of users; if you grant authorities to an individual user, the authorization service creates or updates the authority record for the user's primary group so that the same authorities are granted to all the users in the group.

To be able to perform operations on an object or a queue manager, an entity (a user or a group) must have an authority record that contains the authorities to perform those operations. For example, for a user called User337 to be able to put messages on queue Q1, User337 or a group to which User337 belongs must have an authority record that contains the Put authority.

We can grant authorities on single objects by creating an authority record against a specific profile, or we can grant authorities on multiple objects by creating an authority record against a generic profile. Because we can create authority records for individual users and for groups, and we can create authority records against generic profiles which can apply to multiple objects, the authorities that an individual user has on a particular object can accumulate from several sources.