Planning backup and recovery of security information

 

This information explains the necessity of planning the backup and recovery of your security information.

Saving your security information is just as important as saving your data. In some situations, you may need to recover user profiles, object authorities, and the data on your system. If you do not have your security information saved, you may need to manually rebuild user profiles and object authorities. This can be time-consuming and can lead to errors and security exposures. Planning adequate backup and recovery procedures for security information requires understanding how the information is stored, saved, and restored.

This table shows the commands used to save and restore security information. The sections that follow discuss saving and restoring security information in more detail.

Table 1. Commands for saving and restoring security information
Security information saved or restored Save and Restore commands used
SAVCHGOBJ
SAVOBJ RSTOBJ
SAVLIB RSTLIB
SAVSECDTA SAVDLO RSTDLO
SAVESYS SAVCFG RSTUSRPRF RSTCFG RSTAUT
User profiles X X
Object ownership1 X X
Primary group1 X X
Public authorities1 X X
Private authorities X X
Authorization lists X X
Authority holders X X
Link with the authorization list and authority holders X X
Object auditing value X X `
Function registration information2 X X
Function usage information X X X

1

The SAVSECDTA, SAVSYS, and RSTUSRPRF commands save and restore ownership, primary group, primary group authority, and public authority for these object types: User profile (*USRPRF), Authorization list (*AUTL), and Authority holder (*AUTHLR).

2

The object to save/restore is QUSEXRGOBJ, type *EXITRG in QUSRSYS library.

Security information is stored differently on the save media than it is on your system. When you save user profiles, the private authority information stored with the user profile is formatted into an authority table. An authority table is built and saved for each user profile that has private authorities. This reformatting and saving of security information can be lengthy if you have many private authorities on your system.

Recovering your system often requires restoring data and associated security information. The usual sequence for recovery is:

  1. Restore user profiles and authorization lists (RSTUSRPRF USRPRF(*ALL)).

  2. Restore objects (RSTLIB, RSTOBJ, or RSTCFG).

  3. Restore the private authorities to objects (RSTAUT).

 

Parent topic:

Planning your security strategy
Related information
Backup and Recovery PDF