Create Authorization List (CRTAUTL)

The Create Authorization List (CRTAUTL) command creates an authorization list. Authorization lists are used to give a set of users specific authorities to an object or a set of objects. Each user has the authorities to all of the objects. When an authorization list is granted authority to an object, the users on the list get authority to the object. The authorities they receive are those specified for them in the authorization list.

A user's authority on an authorization list can be overridden by granting the user specific authority to the object. Specific authorities override the user's authority specified in the authorization list. Specific authorities override the user's group authority, if both are specified.

If public authority specified for the object is *AUTL, then the public authority specified on the authorization list is used.

Restrictions:

Authorization lists cannot be used to secure user profiles or other authorization lists.
Only one authorization list can be used to secure an object.

Keyword	Description	Choices	Notes
AUTL	Authorization list	Name	Required, Positional 1
TEXT	Text 'description'	Character value, *BLANK	Optional
AUT	Authority	CHANGE, ALL, USE, EXCLUDE	Optional, Positional 2

Authorization list (AUTL)

Specifies the authorization list to be created.

This is a required parameter.

name: Specify the name to be given to the authorization list object.

Authority (AUT)

Specifies the authority you are giving to users who do not have specific authority for the object, who are not on an authorization list, and whose group profile or supplemental group profiles do not have specific authority for the object.

*CHANGE: The user can perform all operations on the object except those limited to the owner or controlled by object existence (*OBJEXIST) and object management (*OBJMGT) authorities. The user can change and perform basic functions on the object. *CHANGE authority provides object operational (*OBJOPR) authority and all data authority. If the object is an authorization list, the user cannot add, change, or remove users.

*ALL: The user can perform all operations except those limited to the owner or controlled by authorization list management (*AUTLMGT) authority. The user can control the object's existence, specify the security for the object, change the object, and perform basic functions on the object. The user also can change ownership of the object.

*USE: The user can perform basic operations on the object, such as running a program or reading a file. The user cannot change the object. Use (*USE) authority provides object operational (*OBJOPR), read (*READ), and execute (*EXECUTE) authorities.

*EXCLUDE: The user cannot access the object.

Examples

CRTAUTL   AUTL(PROGMR)  AUT(*CHANGE)
          TEXT('Programmers authorization list')

This command creates an authorization list (PROGMR). If an object whose authority comes from the authorization list has specified USER(*PUBLIC) as AUT(*AUTL), the users who do not have specific authority and whose group does not have specific authority to the object are given *CHANGE authority for the object secured by this authorization list.

Error messages

*ESCAPE Messages

CPF2122: Storage limit exceeded for user profile &1.
CPF22AD: Group profile for user not found.
CPF22A6: User creating an authorization list must have *ADD authority to his user profile
CPF2204: User profile &1 not found.
CPF2217: Not authorized to user profile &1.
CPF2222: Storage limit is greater than specified for user profile &1.
CPF2278: Authorization list &1 already exists.
CPF2289: Unable to allocate authorization list &1.