Create Authority Holder (CRTAUTHLR)

Where allowed to run: All environments (*ALL)
Threadsafe: No
Parameters
Examples
Error messages

The Create Authority Holder (CRTAUTHLR) command allows a user to create an authority holder to secure an object of type *FILE before it exists on the system. The file must be a program-described database file. When an object by the specified name is created, the authorities specified in the authority holder are linked to the newly created object.

The authority holder is associated with one specific object, object type, and library. This allows only users with the correct authority to access the object. The authority holder and associated object always have the same owner.

If the object has authorities associated with it, they are linked to the newly created authority holder. The owner of the object becomes the owner of the authority holder. Authority holders are located in library QSYS.

Restrictions:

Top

Parameters

Keyword Description Choices Notes
OBJ Object Qualified object name Required, Positional 1
Qualifier 1: Object Name
Qualifier 2: Library Name
AUT Authority Name, *LIBCRTAUT, *CHANGE, *ALL, *USE, *EXCLUDE Optional
Top

Object (OBJ)

Specifies the database file that the authority holder secures when the object is created.

This is a required parameter.

Qualifier 1: Object

name
Specify the name to be given to the authority holder object.

Qualifier 2: Library

name
Specify the name of the library where the authority holder is created.
Top

Authority (AUT)

Specifies the authority you are giving to users who do not have specific authority for the object, who are not on an authorization list, and whose group profile or supplemental group profiles do not have specific authority for the object.

*LIBCRTAUT
The system determines the authority for the object by using the value specified for the Create authority (CRTAUT) parameter on the Create Library command (CRTLIB) for the library containing the object to be created. If the value specified for the CRTAUT parameter is changed, the new value will not affect any existing objects.
*CHANGE
The user can perform all operations on the object except those limited to the owner or controlled by object existence (*OBJEXIST) and object management (*OBJMGT) authorities. The user can change and perform basic functions on the object. *CHANGE authority provides object operational (*OBJOPR) authority and all data authority. If the object is an authorization list, the user cannot add, change, or remove users.
*ALL
The user can perform all operations except those limited to the owner or controlled by authorization list management (*AUTLMGT) authority. The user can control the object's existence, specify the security for the object, change the object, and perform basic functions on the object. The user also can change ownership of the object.
*USE
The user can perform basic operations on the object, such as running a program or reading a file. The user cannot change the object. Use (*USE) authority provides object operational (*OBJOPR), read (*READ), and execute (*EXECUTE) authorities.
*EXCLUDE
The user cannot access the object.
name
Specify the name of an authorization list to be used for authority to the object. Users included in the authorization list are granted authority to the object as specified in the list. The authorization list must exist when the object is created.
Top

Examples

CRTAUTHLR   OBJ(QGPL/FIL1)  AUT(*EXCLUDE)

This command creates an authority holder for object FIL1 in library QGPL with *EXCLUDE authority.

GRTOBJAUT   OBJ(QGPL/FIL1)  TYPE(*FILE)  USER(TWO)  AUT(*USE)

By running this command, *USE authority is granted to user TWO for the authority holder that secures file FIL1 in library QGPL.

CRTSRCF  FILE(QGPL/FIL1)

By running this command, user ONE creates a file that has a matching authority holder. User ONE becomes the owner of the file with user TWO having *USE authority to QGPL/FIL1.

Top

Error messages

*ESCAPE Messages

CPC2212
Authority holder created.
CPF2122
Storage limit exceeded for user profile &1.
CPF2163
Creation of authority holder in &2 not allowed.
CPF22BA
Authority holder could not be created.
CPF22BC
Object &1 type &3 is not program defined.
CPF22B2
Not authorized to create or delete authority holder.
CPF22B5
Authority holder already exists.
CPF22B6
Authority holder could not be created.
CPF2283
Authorization list &1 does not exist.
CPF2289
Unable to allocate authorization list &1.
CPF9803
Cannot allocate object &2 in library &3.
Top