AUT parameter

You use the authority (AUT) parameter in create, grant, and revoke commands. It specifies the authority granted to all users of an object. It also specifies an authorization list that is used to secure the object. Four object types allow the AUT parameter to contain an authorization list: LIB, PGM, DTADCT, and FILE. Public authority is an OS/400 object attribute that controls the base set of rights to that object for all users having access to the system. These rights can be extended or reduced for specific users. If you specify an authorization list, the public authority in the authorization list is the public authority for the object. The owner of an object has all authority to the object at its creation.

If the object is created as a private object or with the limited authority given to all users, the owner can grant more or less authority to specific users by specifically naming them and stating their authority in the Grant Object Authority (GRTOBJAUT) command. The owner also can withdraw specific authority from specific users, or from all users (publicly authorized and/or specifically authorized) by using the Revoke Object Authority (RVKOBJAUT) command or the Edit Object Authority (EDTOBJAUT) command.

The iSeries Security Reference book has a complete description of security provisions and applicable rights of use by object type.

Values allowed

*LIBCRTAUT: The public authority for the object is taken from the value on the CRTAUT parameter of the target library (the library that is to contain the object). The public authority is determined when the object is created. If the CRTAUT value for the library changes after the object is created, the new value does not affect any existing objects.

*USE: You can perform basic operations on the object, such as running a program or reading a file. You cannot change the object. *USE authority provides object operational authority, read authority, and execute authority.

*CHANGE: You can perform all operations on the object except those limited to the owner or controlled by object existence authority and object management authority. You can change and perform basic functions on the object. *CHANGE authority provides object operational authority and all data authority.

*ALL: You can perform all operations except those limited to the owner or controlled by authorization list management authority. You can control the object's existence, specify the security for the object, change the object, and perform basic functions on the object. You also can change ownership of the object.

*EXCLUDE: You cannot access the object.

*EXECUTE: You can run a program or procedure or search a library or directory.

authorization-list-name: Specify the name of the authorization list whose authority is used.
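The following CL program is an added example, not part of the original reference. It shows how the AUT values interact when a library is tightened after objects already exist, and how an authorization list is named on AUT for a file. The names PAYLIB, PAYAUTL, PAYMAST, RATES, and CLERK1 are hypothetical.

```cl
PGM
  /* Hypothetical names: PAYLIB, PAYAUTL, PAYMAST, RATES, CLERK1.      */

  /* Library created with a permissive default for new objects.        */
  CRTLIB     LIB(PAYLIB) AUT(*USE) CRTAUT(*CHANGE)

  /* RATES takes its public authority from the library's CRTAUT value  */
  /* at creation time, so its public authority is *CHANGE.             */
  CRTDTAARA  DTAARA(PAYLIB/RATES) TYPE(*CHAR) LEN(10) AUT(*LIBCRTAUT)

  /* Tighten the library default. This applies only to objects created */
  /* from now on; RATES keeps public authority *CHANGE.                */
  CHGLIB     LIB(PAYLIB) CRTAUT(*EXCLUDE)

  /* Existing objects must be corrected explicitly.                    */
  GRTOBJAUT  OBJ(PAYLIB/RATES) OBJTYPE(*DTAARA) USER(*PUBLIC) +
               AUT(*EXCLUDE)

  /* Give one named user read-level access to RATES.                   */
  GRTOBJAUT  OBJ(PAYLIB/RATES) OBJTYPE(*DTAARA) USER(CLERK1) AUT(*USE)

  /* Authorization list whose public authority is *EXCLUDE, with one   */
  /* user entry allowed to change data.                                */
  CRTAUTL    AUTL(PAYAUTL) AUT(*EXCLUDE)
  ADDAUTLE   AUTL(PAYAUTL) USER(CLERK1) AUT(*CHANGE)

  /* FILE is one of the object types whose AUT parameter accepts an    */
  /* authorization list name. The public authority for PAYMAST is the  */
  /* public authority in PAYAUTL (*EXCLUDE).                           */
  CRTPF      FILE(PAYLIB/PAYMAST) RCDLEN(100) AUT(PAYAUTL)

  /* Withdraw the specific authority granted to CLERK1 on RATES.       */
  RVKOBJAUT  OBJ(PAYLIB/RATES) OBJTYPE(*DTAARA) USER(CLERK1) AUT(*USE)

  /* Review the resulting authorities.                                 */
  DSPOBJAUT  OBJ(PAYLIB/RATES) OBJTYPE(*DTAARA)
  DSPOBJAUT  OBJ(PAYLIB/PAYMAST) OBJTYPE(*FILE)
ENDPGM
```

When auditing a library after changing its CRTAUT value, check the public authority of each object created before the change, because those objects keep the value that was in effect at creation.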