Types of authority

This topic discusses the types of authority that can be authorized and used on the server.

This system provides different types of authorities for users. Authority means the type of access allowed to an object. Different operations require different types of authority. For example, you might have the authority to view information or to change information on the system. The system provides several different authority types. IBM groups these authority types into categories, called system-defined authorities and special authorities.

System-defined authority to an object is divided into three categories:

Object Authority

Defines what operations can be performed on the object as a whole.

Data Authority

Defines what operations can be performed on the contents of the object.

Field Authority

defines what operations can be performed on the data fields.

Special authority is used to specify the types of actions that a user can perform on system resources. A user can be given one or more special authorities. The system security level determines what the default special authorities are for each user class. When you create a user profile, you can select special authorities based on the user class. Special authorities are also added and removed from user profiles when you change security levels.

For more information on setting up resource authority, see "How the system checks authority" in Chapter 5 of the iSeries™ Security Reference.

• System-defined authorities
  This table shows how system-defined authorities apply to securing files, programs, and libraries.

• Special authorities
  This topic describes special authorities that can be specified for a user.

Parent topic: