You can use the Revoke Public Authority (RVKPUBAUT) command to
set the public authority to *EXCLUDE for a set of commands and programs.
Commands and APIs whose public authority are set by the RVKPUBAUT
command
The RVKPUBAUT command runs a program that is called QSYS/QSECRVKP.
As it is shipped, the QSECRVKP revokes public authority (by setting public
authority to *EXCLUDE) for the commands that are listed in the table below
and the application programming interfaces (APIs) that are listed in Table
12. When your system arrives, these commands and APIs have their public authority
set to *USE.
The commands and the APIs that are listed in the tables all perform
functions on your system that may provide an opportunity for mischief. As
security administrator, you should explicitly authorize users to run these
commands and programs rather than make them available to all system users.
When you run the RVKPUBAUT command, you specify the library that
contains the commands. The default is the QSYS library. If you have more than
one national language on your system, you need to run the command for each
QSYSxxx library.
Table 1. Setting public authority| Using the RVKPUBAUT command |
|---|
ADDAJE
ADDCFGLE
ADDCMNE
ADDJOBQE
ADDPJE
ADDRTGE
ADDWSE
CHGAJE
CHGCFGL
CHGCFGLE
CHGCMNE
CHGCTLAPPC
CHGDEVAPPC
|
CHGJOBQE
CHGPJE
CHGRTGE
CHGSBSD
CHGWSE
CPYCFGL
CRTCFGL
CRTCTLAPPC
CRTDEVAPPC
CRTSBSD
ENDRMTSPT
RMVAJE
RMVCFGLE
|
RMVCMNE
RMVJOBQE
RMVPJE
RMVRTGE
RMVWSE
RSTLIB
RSTOBJ
RSTS36F
RSTS36FLR
RSTS36LIBM
STRRMTSPT
STRSBS
WRKCFGL
|
Table 2. Setting public authority| Using the RVKPUBAUT command |
|---|
QTIENDSUP
QTISTRSUP
QWTCTLTR
QWTSETTR
QY2FTML
|
When you run the RVKPUBAUT command, the system sets the public authority
for the root directory to *USE (unless it is already *USE or less).