RSTAUT (Restore Authority)

RSTAUT Command syntax diagram

 

Purpose

The Restore Authority (RSTAUT) command restores the private authorities to user profiles. This command restores the same object use authority to specified objects in the user profile that each user profile had when all the profiles were saved by the Save System (SAVSYS) or Save Security Data (SAVSECDTA) commands. It allows existing authorities, given after the save, to remain. Authority is not restored to the user profiles until the profiles are first restored to the system by the Restore User Profiles (RSTUSRPRF) command and all the objects (for which authority is being given) are restored to the same libraries where they are saved. The objects can be restored with the Restore Library (RSTLIB) or Restore Object (RSTOBJ), Restore Document Library Object (RSTDLO), Restore Configuration (RSTCFG), or Restore Objects in Directories (RST) commands.

If the whole system is being restored, the following sequence must be followed. Using the RSTAUT command must be the last step in the sequence.

  1. Restore the operating system. This is an alternative method to load the program. This restores the QSYS library and ensures that the IBM-supplied user profiles are there.

  2. Restore all the saved user profiles to the system (*ALL is the default for the USRPRF parameter) by using the RSTUSRPRF command.

  3. Restore all the configuration and system resource management (SRM) objects to the system by using the RSTCFG command.

  4. Restore all the user libraries (including the other IBM-supplied libraries) by using the RSTLIB command. Unless saved with the *IBM or *ALLUSR parameter, *NONSYS must be specified on the SAVLIB parameter to restore all user libraries in one operation.

  5. Restore all document library objects to the system by using the RSTDLO command.

  6. Restore all objects in directories using the RST command.

  7. Restore the object authority to user profiles by using the RSTAUT command.

Note: Steps 2 through 7 can be done more than once. For example, after the user profiles are restored (step 2), the user can restore only critical application libraries (step 3), followed by a restore of object authority (step 7). This supplies an operational system limited to using only the critical libraries. Later, the remaining user profiles can be restored, followed by the operations to restore the libraries and object authority.

If authorities for a user profile are restored using the RSTAUT command, the user profile must be restored again before other authorities for it can be restored.

If one user profile is being restored, the following sequence must be followed. Using the RSTAUT command must be the last step.

  1. Restore the specified user profile to the system by using the RSTUSRPRF command.

  2. Restore all the device configuration and SRM objects to the system by using the RSTCFG command.

  3. Restore the specified user libraries to the system by using the RSTLIB command or the RSTOBJ command. If the user profile is being restored because the current profile on the system is damaged, then the needed libraries already exist on the system and restoring of the libraries is not necessary.

  4. Restore all document library objects to the system using the RSTDLO command.

  5. Restore all objects in directories using the RST command.

  6. Restore the object authority to the user profile by using the RSTAUT command. The specified profile may have been restored using the RSTUSRPRF command.

 

Restrictions

  1. This command is shipped with public *EXCLUDE authority.

  2. You must have *SAVSYS special authority to use this command.

  3. Only one RSTAUT command can be run on a system at one time.

 

Optional Parameters

USRPRF
Specifies the names of one or more user profiles whose private authorities are being restored. The specified user profiles must first be restored using the RSTUSRPRF command.

*ALL: Private authorities are being restored for all of the user profiles that are restored but do not have their private authorities restored. This includes user profiles that were restored using multiple RSTUSRPRF commands.

generic*-user-profile-name: Specify the generic name of the user profile. A generic name is a character string of one or more characters followed by an asterisk (*); for example, ABC*. The asterisk (*) substitutes for any valid characters. For more information on the use of generic functions, refer to generic functions.

user-profile-name: Specify one or more names of specific user profiles. Both generic names and specific names can be specified in the same command.

SAVASPDEV
Specifies the name of the auxiliary storage pool (ASP) device from which private authorities were saved.

*ALLAVL: The private authorities saved from the system ASP (ASP number 1), all basic user ASPs (ASP numbers 2-32), and all online independent ASPs are restored.

*: The private authorities saved from the system ASP, all basic user ASPs, and, if the current thread has an ASP group, all independent ASPs in the ASP group are restored.

*SYSBAS: The private authorities saved from the system ASP and all basic user ASPs are restored.

*CURASPGRP: If the current thread has an ASP group, the private authorities saved from all independent ASPs in the ASP group are restored.

auxiliary-storage-pool-device-name: Specify the name of the independent ASP device from which the private authorities were saved.

RSTASPDEV
Specifies the name of the auxiliary storage pool (ASP) device for which to restore the private authorities.

*SAVASPDEV: The private authorities are restored to the same ASPs from which they were saved.

*SYSBAS: The private authorities are restored to the system ASP (ASP number 1) or to the basic user ASPs (ASP numbers 2-32).

auxiliary-storage-pool-device-name: Specify the name of the independent ASP device for which to restore the private authorities. End of change

Examples for RSTAUT

Example 1: Restore all authorities 

RSTAUT

This command restores to each user profile the authority to use each object that the profile had at the time when the system was saved. The user profiles and the libraries and their objects must be restored before the RSTAUT command is sent.

Example 2: Restore authorities for specific users 

RSTUSRPRF USRPRF(USER1 USER2 USER3 USER4)
 
RSTLIB SAVLIB(USERLIB)
 
RSTAUT USRPRF(USER1 USER2 USER3)

To each specified user profile that was successfully restored, this command restores the authority to use each object that the profile had at the time the system was saved. The user profiles and the libraries and their objects must be restored before the RSTAUT command is sent. Because USER4 was not specified in the RSTAUT command, its authorities are still available and may be restored at a later date.

Example 3: Restore authorities for specific libraries 

RSTUSRPRF USRPRF(*ALL)
 
RSTLIB SAVLIB(USERLIBA)
 
RSTLIB SAVLIB(USERLIBB)
 
RSTLIB SAVLIB(USERLIBC)
 
RSTAUT USRPRF(*ALL)

This command restores private authorities for all restored user profiles on the system. This includes authorities for all user profiles restored by the RSTUSRPRF command. Other user profiles on the system that did not have their authorities restored before these commands were specified are also restored by the RSTAUT(*ALL) command.

Example 4: Restore authorities after multiple RSTUSRPRF commands 

RSTUSRPRF USRPRF(USER1 USER2)
 
RSTLIB SAVLIB(USERLIBA)
 
RSTUSRPRF USRPRF(USER1 USER3)
 
RSTLIB SAVLIB(USERLIBB)
 
RSTAUT USRPRF(*ALL)

This command restores private authorities for USER2 and USER3 and for the most recent version of USER1. Because the user profiles have the same name, the second RSTUSRPRF command overlays the first version of USER1.

Example 5: Restore libraries and authorities to an independent ASP 

RSTUSRPRF USRPRF(*ALL) SAVASPDEV(*SYSBAS)
 
RSTLIB SAVLIB(USERLIBA) RSTASPDEV(DIVISION1)
 
RSTLIB SAVLIB(USERLIBB) RSTASPDEV(DIVISION1)
 
RSTLIB SAVLIB(USERLIBC) RSTASPDEV(DIVISION1)
 
RSTAUT USRPRF(*ALL) SAVASPDEV(*SYSBAS) RSTASPDEV(DIVISION1)

This example shows a way to move data and authorities to an independent ASP. The RSTUSRPRF command restores all user profiles and the private authority information saved from the system ASP (ASP number 1) and basic user ASPs (ASP numbers 2-32). The RSTLIB commands restore libraries USERLIBA, USERLIBB, and USERLIBC to the independent ASP named DIVISION1. The RSTAUT command restores authorities saved from the system ASP and basic user ASPs for all user profiles to objects that now exist on the DIVISION1 ASP. End of change

Error messages for RSTAUT

*ESCAPE Messages

CPF2206
User needs authority to do requested function on object.
CPF3776
Not all user profiles had all authorities restored.
CPF3785
Not all subsystems ended.
CPF3855
RSTAUT not allowed at this time.
CPF386D
Prestart job failed.
CPF9814
Device &1 not found.
CPF9833
*CURASPGRP or *ASPGRPPRI specified and thread has no ASP group.End of change
CPFB8ED
Device description &1 not correct for operation.End of change