ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzatz_5.4.0.1/51/admin/qshgrtauth.htm

89 lines
6.0 KiB
HTML
Raw Normal View History

2024-04-02 14:02:31 +00:00
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
<LINK rel="stylesheet" type="text/css" href="../../../rzahg/ic.css">
<title>Grant authority to an instance</title>
</head>
<BODY>
<!-- Java sync-link -->
<SCRIPT LANGUAGE="Javascript" SRC="../../../rzahg/synch.js" TYPE="text/javascript"></SCRIPT>
<h4><a name="qshgrtauth"></a>Grant authority to an instance</h4>
<p>The grtwasaut script grants a user authority to an instance and the objects associated with it.</p>
<p><strong>Authority</strong></p>
<p>To run this script, your user profile must have *ALLOBJ authority.</p>
<p><strong>Usage</strong></p>
<p>To grant authority to objects and directories in an instance, run the grtwasaut script from the Qshell command line. To run the script, follow these steps:</p>
<ol>
<li><p>On the CL command line, run the STRQSH (Start Qshell) command.</p></li>
<li><p>Run the cd command to change to the directory that contains the script:</p>
<pre>cd /QIBM/ProdData/WebASE51/ASE/bin</pre></li>
<li><p>Run the grtwasaut script:</p>
<pre>grtwasaut -instance <em>instance</em> -user <em>usrprf</em> | -authlist <em>authlist</em>
-dtaaut <em>dataAuth</em> -objaut <em>objAuth</em></pre>
<p>where <em>instance</em> is the instance to which you are granting authority, <em>usrprf</em> is the user profile to which you are granting authority, <em>authlist</em> is the authorization list to which you are granting authority, <em>dataAuth</em> specifies the data authorities that you are granting to the user specified by the -user parameter and <em>objAuth</em> specifies the object authorities that you are granting to the user specified by the -user parameter. You do not need to specify both the -user and -authlist parameters, but you must specify at least one of them.</p></li>
</ol>
<p><strong>Syntax</strong></p>
<p>The syntax of the script is:</p>
<pre>grtwasaut -instance <em>instance</em> { -user <em>usrprf</em> | -authlist <em>authlist</em> }
{ -dtaaut <em>dataAuth</em> | -objaut <em>objectAuth</em> } [ -object <em>path</em> ]
[ -recursive ] [ -verbose ] [ -help ]</pre>
<p><strong>Note:</strong> When you run the grtwasaut script, you must specify these paramters:</p>
<ul>
<li>-user, -authlist, or both</li>
<li>-dtaaut, objaut, or both</li>
</ul>
<p><strong>Parameters</strong></p>
<p>The parameters of the script are:</p>
<ul>
<li><p><strong>-instance</strong>
<br>This is a required parameter. The value <em>instance</em> specifies the name of the instance to which you are granting authority.</p></li>
<li><p><strong>-user</strong>
<br>The value <em>usrprf</em> specifies the i5/OS user profile to which you are granting authority. To grant authority to multiple user profiles, specify all of the user profiles with a single -user parameter. Enclose the list of profiles in double quotation marks (&quot;). For example, to grant authority to usrprf1 and usrprf2, specify <tt>-user &quot;usrprf1 usrprf2&quot;</tt>. You must specify -user, -authlist, or both.</p></li>
<li><p><strong>-authlist</strong>
<br>The value <em>authlist</em> specifies the i5/OS authorization list to which you are granting authority. You must specify -user, -authlist, or both.</p></li>
<li><p><strong>-dtaaut</strong>
<br>The value <em>dataAuth</em> specifies the data authorities that you are granting to the user specified by the -user parameter. Valid values are none, rwx, rx, rw, wx, r, w, x, exclude, autl, and same. The specified value replaces the user's current data authorities to the object. You must specify -dtaaut, -objaut, or both. For more information on the values for this parameter, see the <a href="../../../cl/chgaut.htm">CHGAUT (Change Authority) command description</a>.</p></li>
<li><p><strong>-objaut</strong>
<br>The value <em>objAuth</em> specifies the object authorities that you are granting to the user specified in the -user parameter. Valid values are none, all, objexist, objmgt, objalter, objref, and same. The specified value replaces the user's current object authorities to the object. You must specify -dtaaut, -objaut, or both. For more information on the values for this parameter, see the <a href="../../../cl/chgaut.htm">CHGAUT (Change Authority) command description</a>.</p></li>
<li><p><strong>-object</strong>
<br>The value <em>path</em> specifies the subdirectory or partially qualified object name to which you are granting authority. The instance root is prepended to the value to get the fully-qualified path. If you do not specify this parameter, the default value is the instance root. To grant authority to multiple objects, you must run the script for each object.</p></li>
<li><p><strong>-recursive</strong>
<br>This optional parameter specifies whether to grant authority to all subdirectories. If you do not specify this parameter, authority is granted only to the object specified with the -object parameter, or the instance root directory if the -object parameter is not specified. This parameter applies to all objects specified with -object parameters.</p></li>
<li><p><strong>-verbose</strong>
<br>This optional parameter turns on verbose messages, which can be helpful if you need to debug the script.</p></li>
<li><p><strong>-help</strong>
<br>This optional parameter displays the help message. If you specify this parameter, the script ignores all other parameters.</p></li>
</ul>
<p><strong>Examples</strong></p>
<p>In this example, the user profiles johndoe and jsmith are granted rwx authority to the instance devinst and the associated objects.</p>
<pre>grtwasaut -instance devinst -user &quot;johndoe jsmith&quot; -dtaaut rwx -recursive</pre>
<p>In this example, the user profiles johndoe and jsmith are granted rwx authority to the installedApps subdirectory and all nested objects in the installedApps subdirectory.</p>
<pre>grtwasaut -instance devinst -object installedApps -user &quot;johndoe jsmith&quot; -dtaaut rwx -recursive</pre>
</body>
</html>