Grant authority to an instance
The grtwasaut script grants a user authority to an instance and the objects associated with it.
Authority
To run this script, your user profile must have *ALLOBJ authority.
Usage
To grant authority to objects and directories in an instance, run the grtwasaut script from the Qshell command line. To run the script, follow these steps:
On the CL command line, run the STRQSH (Start Qshell) command.
Run the cd command to change to the directory that contains the script:
cd /QIBM/ProdData/WebASE51/ASE/binRun the grtwasaut script:
grtwasaut -instance instance -user usrprf | -authlist authlist -dtaaut dataAuth -objaut objAuthwhere instance is the instance to which you are granting authority, usrprf is the user profile to which you are granting authority, authlist is the authorization list to which you are granting authority, dataAuth specifies the data authorities that you are granting to the user specified by the -user parameter and objAuth specifies the object authorities that you are granting to the user specified by the -user parameter. You do not need to specify both the -user and -authlist parameters, but specify at least one of them.
Syntax
The syntax of the script is:
grtwasaut -instance instance { -user usrprf | -authlist authlist } { -dtaaut dataAuth | -objaut objectAuth } [ -object path ] [ -recursive ] [ -verbose ] [ -help ]
When you run the grtwasaut script, specify these paramters:
- -user, -authlist, or both
- -dtaaut, objaut, or both
Parameters
The parameters of the script are:
-instance
This is a required parameter. The value instance specifies the name of the instance to which you are granting authority.-user
The value usrprf specifies the i5/OS user profile to which you are granting authority. To grant authority to multiple user profiles, specify all of the user profiles with a single -user parameter. Enclose the list of profiles in double quotation marks ("). For example, to grant authority to usrprf1 and usrprf2, specify -user "usrprf1 usrprf2". You must specify -user, -authlist, or both.-authlist
The value authlist specifies the i5/OS authorization list to which you are granting authority. You must specify -user, -authlist, or both.-dtaaut
The value dataAuth specifies the data authorities that you are granting to the user specified by the -user parameter. Valid values are none, rwx, rx, rw, wx, r, w, x, exclude, autl, and same. The specified value replaces the user's current data authorities to the object. You must specify -dtaaut, -objaut, or both. For more information on the values for this parameter, see the CHGAUT (Change Authority) command description.-objaut
The value objAuth specifies the object authorities that you are granting to the user specified in the -user parameter. Valid values are none, all, objexist, objmgt, objalter, objref, and same. The specified value replaces the user's current object authorities to the object. You must specify -dtaaut, -objaut, or both. For more information on the values for this parameter, see the CHGAUT (Change Authority) command description.-object
The value path specifies the subdirectory or partially qualified object name to which you are granting authority. The instance root is prepended to the value to get the fully-qualified path. If you do not specify this parameter, the default value is the instance root. To grant authority to multiple objects, run the script for each object.-recursive
This optional parameter specifies whether to grant authority to all subdirectories. If you do not specify this parameter, authority is granted only to the object specified with the -object parameter, or the instance root directory if the -object parameter is not specified. This parameter applies to all objects specified with -object parameters.-verbose
This optional parameter turns on verbose messages, which can be helpful if debug the script.-help
This optional parameter displays the help message. If you specify this parameter, the script ignores all other parameters.Examples
In this example, the user profiles johndoe and jsmith are granted rwx authority to the instance devinst and the associated objects.
grtwasaut -instance devinst -user "johndoe jsmith" -dtaaut rwx -recursiveIn this example, the user profiles johndoe and jsmith are granted rwx authority to the installedApps subdirectory and all nested objects in the installedApps subdirectory.
grtwasaut -instance devinst -object installedApps -user "johndoe jsmith" -dtaaut rwx -recursive