About save file security
The authority you grant for a save file is the same as for any file. Be careful when granting authority for save files. The authority you grant to the save file allows access to objects in the save file.
For example, the same file can be read from and written to by a high-level language program. The authority you grant for a particular save file should depend on what objects are in the file.
Consider the following factors when granting authorities to save files:
- A user with use (*USE) authority can read records and restore objects from the save file. This user can save the contents of the save file to tape or optical media.
- A user with use (*USE) and add (*ADD) authority can write records and save objects in a save file.
- A user with object operational (*OBJOPR) and object management (*OBJMGT) authority can clear the contents of a save file using the CLRSAVF command. The clear operation is required first when replacing existing records in a save file.
- A user with either save system (*SAVSYS) special authority or object existence (*OBJEXIST) authority for the file can save the description and contents.
Digital signature for a save file
The system verifies any digital signatures present on the save file each time you display the save file or use the save file in a restore operation. If the signature is not valid you cannot display or use the save file in a restore operation. The Verify Object on Restore (QVFYOBJRST) system value does not affect the verification of save files. Therefore, the system verifies the signature every time you display the save file or use the save file in a restore operation.
Parent topic:
Save filesRelated information
Object signing and signature verification