When you restore an object to the system, the system uses the authority
information stored with the object.
The following applies to security of the restored object:
Object ownership:
- If the profile that owns the object is on the system, ownership is restored
to that profile.
- If the owner profile does not exist on the system, ownership of the object
is given to the QDFTOWN (default owner) user profile.
- If the object exists on the system and the owner on the system is different
from the owner on the save media, the object is not restored unless ALWOBJDIF(*ALL)
is specified. In that case, the object is restored and the owner on the system
is used.
Primary group:
For an object that does not exist on the system:
- If the profile that is the primary group for the object is on the system,
the primary group value and authority are restored for the object.
- If the profile that is the primary group does not exist on the system:
  - The primary group for the object is set to none.
  - The primary group authority is set to no authority.
When an existing object is restored, the primary group for the object
is not changed by the restore operation.
Public authority:
- If the object being restored does not exist on the system, public authority
is set to the public authority of the saved object.
- If the object being restored does exist and is being replaced, public
authority is not changed. The public authority from the saved version of the
object is not used.
- The CRTAUT for the library is not used when restoring objects to the library.
Authorization list:
- If an object, other than a document or folder, already exists on the system
and is linked to an authorization list, the ALWOBJDIF parameter determines
the result:
  - If ALWOBJDIF(*NONE) is specified, the existing object must have the same
  authorization list as the saved object. If not, the object is not restored.
  - If ALWOBJDIF(*ALL) is specified, the object is restored. The object is
  linked to the authorization list associated with the existing object.
- If a document or folder that already exists on the system is restored,
the authorization list associated with the object on the system is used. The
authorization list from the saved document or folder is not used.
- If the authorization list does not exist on the system, the object is
restored without being linked to an authorization list and the public authority
is changed to *EXCLUDE.
- If the object is being restored on the same system from which it was
saved, the object is linked to the authorization list again.
- If the object is being restored on a different system, the ALWOBJDIF parameter
on the restore command is used to determine whether the object is linked to
the authorization list:
  - If ALWOBJDIF(*ALL) is specified, the object is linked to the authorization
  list.
  - If ALWOBJDIF(*NONE) is specified, then the object is not linked to the
  authorization list and the public authority of the object is changed to *EXCLUDE.
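The ownership, primary group, public authority and authorization list rules above, combined for an object that does not yet exist on the target system. This is an added example, not IBM code: the class, field and system names are assumptions, and only the ALWOBJDIF(*NONE) and ALWOBJDIF(*ALL) cases described here are modelled.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class SavedObject:            # authority information stored with the saved object
    owner: str
    primary_group: Optional[str]
    pgp_authority: Optional[str]
    public_authority: str
    autl: Optional[str]       # authorization list the object was linked to
    saved_on: str             # system the object was saved from (constructed name)

@dataclass
class Target:                 # what exists on the system being restored to
    name: str
    profiles: frozenset
    autls: frozenset

def predict_restore(obj: SavedObject, tgt: Target, alwobjdif: str = "*NONE") -> dict:
    """Security of an object that does NOT already exist on the target system."""
    if alwobjdif not in ("*NONE", "*ALL"):
        raise ValueError("only ALWOBJDIF(*NONE) and ALWOBJDIF(*ALL) are modelled")
    out = {"public": obj.public_authority, "review": []}

    # Ownership: the saved owner if that profile exists, otherwise QDFTOWN.
    out["owner"] = obj.owner if obj.owner in tgt.profiles else "QDFTOWN"
    if out["owner"] != obj.owner:
        out["review"].append("owner fell back to QDFTOWN")

    # Primary group: restored with its authority only if the profile exists.
    has_pgp = obj.primary_group is not None and obj.primary_group in tgt.profiles
    out["primary_group"] = obj.primary_group if has_pgp else None
    out["pgp_authority"] = obj.pgp_authority if has_pgp else None
    if obj.primary_group is not None and not has_pgp:
        out["review"].append("primary group and its authority dropped")

    # Authorization list: the list must exist on the target; it is linked again
    # on the same system, and on a different system only with ALWOBJDIF(*ALL).
    link = (obj.autl is not None and obj.autl in tgt.autls
            and (tgt.name == obj.saved_on or alwobjdif == "*ALL"))
    out["autl"] = obj.autl if link else None
    if obj.autl is not None and not link:
        out["public"] = "*EXCLUDE"
        out["review"].append("authorization list not linked; public is *EXCLUDE")
    return out
```

The "review" entries mark the outcomes worth checking after a restore to a different system, since each one means the object no longer carries the authority it had when it was saved.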
Private authorities:
- Private authority is saved with user profiles, not with objects.
- If user profiles have private authority to an object being restored, those
private authorities are usually not affected. Restoring certain types of programs
may result in private authorities being revoked.
- If an object is deleted from the system and then restored from a saved
version, private authority for the object no longer exists on the system.
When an object is deleted, all private authority to the object is removed
from user profiles.
- If private authorities need to be recovered, the Restore Authority (RSTAUT)
command must be used. The normal sequence is:
  - Restore user profiles
  - Restore objects
  - Restore authority
Object Auditing:
- If the object being restored does not exist on the system, the object
auditing (OBJAUD) value of the saved object is restored.
- If the object being restored does exist and is being replaced, the object
auditing value is not changed. The OBJAUD value of the saved version of the
object is not restored.
- If a library being restored does not exist on the system, the create object
auditing (CRTOBJAUD) value for the library is restored.
- If a library being restored exists and is being replaced, the CRTOBJAUD
value for the library is not restored. The CRTOBJAUD value for the existing
library is used.
Authority Holder:
- If a file is restored and an authority holder exists for that file name
and the library to which it is being restored, the file is linked to the authority
holder.
- The authority information associated with the authority holder replaces
the public authority and owner information saved with the file.
Domain Objects: For systems running Version 2 Release 3 or later of the
OS/400 licensed program, the system restricts user domain objects
(*USRSPC, *USRIDX, and *USRQ) to the libraries specified in the QALWUSRDMN
system value. If a library is removed from the QALWUSRDMN system value after
a user domain object of type *USRSPC, *USRIDX, or *USRQ is saved, the system
changes the object to system domain when it is restored.
Function Registration Information: The function registration information
can be restored by restoring the QUSEXRGOBJ *EXITRG object into QUSRSYS. This
restores all of the registered functions. The usage information associated
with the functions is restored when user profiles and authorities are restored.
Applications that Use Certificates Registration: The applications that
use certificates registration information can be restored by restoring the
QUSEXRGOBJ *EXITRG object into QUSRSYS. This restores all of the registered
applications. The association of the application to its certificate information
can be restored by restoring the QYCDCERTI *USRIDX object into QUSRSYS.
Refer to Restore authority for
more information.