Restore Authority (RSTAUT)

Where allowed to run: All environments (*ALL)
Threadsafe: No
Parameters
Examples
Error messages

The Restore Authority (RSTAUT) command restores the private authorities to user profiles. This command restores the same object authority to specified objects in the user profile that each user profile had when all the profiles were saved by the Save System (SAVSYS) or the Save Security Data (SAVSECDTA) command. It allows existing authorities, given after the save, to remain. Authority cannot be restored to the user profiles until the profiles are first restored to the system by the Restore User Profile (RSTUSRPRF) command and all the objects (for which authority is being given) are restored to the same libraries where they were saved. The objects can be restored by the Restore Library (RSTLIB) or Restore Object (RSTOBJ) command. Documents and folders can be restored using the Restore Document Library Object (RSTDLO) command. Device configuration objects can be restored using the Restore Configuration (RSTCFG) command. Integrated file system objects can be restored by the Restore Object (RST) command.

If the whole system is being restored, the following sequence must be followed. Using the RSTAUT command must be the last step in the sequence.

  1. Restore the operating system. This is an alternative method to load the program. This restores the QSYS library and ensures that the IBM-supplied user profiles are there.
  2. Restore all the saved user profiles to the system (*ALL is the default for the USRPRF parameter) by using the RSTUSRPRF command.
  3. Restore all the configuration and system resource management (SRM) objects to the system by using the RSTCFG command.
  4. Restore all the user libraries by using the RSTLIB command.
  5. Restore all document library objects to the system by using the RSTDLO command.
  6. Restore all objects in directories using the RST command.
  7. Restore the object authority to user profiles by using the RSTAUT command.

Note: Steps 2 through 7 can be done more than once. For example, after the user profiles are restored (step 2), the user can restore only critical application libraries (step 3), followed by a restore of object authority (step 7). This supplies an operational system limited to using only the critical libraries. Later, the remaining user profiles can be restored, followed by the operations to restore the libraries and object authority.

If authorities for a user profile are restored using the RSTAUT command while all subsystems are ended, the user profile must be restored again before other authorities for it can be restored.

If one user profile is being restored, the following sequence must be followed. Using the RSTAUT command must be the last step.

  1. Restore the specified user profile to the system by using the RSTUSRPRF command.
  2. Restore all the device configuration and SRM objects to the system by using the RSTCFG command.
  3. Restore the specified user libraries to the system by using the RSTLIB command or the RSTOBJ command. If the user profile is being restored because the current profile on the system is damaged, then the needed libraries already exist on the system and restoring of the libraries is not necessary.
  4. Restore all document library objects to the system using the RSTDLO command.
  5. Restore all objects in directories using the RST command.
  6. Restore the object authority to the user profile by using the RSTAUT command. The specified profile may have been restored using the RSTUSRPRF command.

Restrictions:

Top

Parameters

Keyword Description Choices Notes
USRPRF User profile Single values: *ALL
Other values (up to 300 repetitions): Generic name, name
Optional, Positional 1
SAVASPDEV Saved from ASP device Name, *ALLAVL, *, *SYSBAS, *CURASPGRP Optional
RSTASPDEV Restore to ASP device Name, *SAVASPDEV, *SYSBAS Optional
Top

User profile (USRPRF)

Specifies the names of one or more user profiles to have their private authorities restored. The specified user profiles must first be restored using the Restore User Profile (RSTUSRPRF) command.

Single values

*ALL
Specifies all of the user profiles that are restored but do not have their private authorities restored. This includes user profiles that were restored using multiple previous Restore User Profile (RSTUSRPRF) commands.

Other values (up to 300 repetitions)

generic-name
Specify one or more generic names of sets of user profiles. A generic name is a character string that contains one or more characters followed by an asterisk (*). (If an * is not specified with the name, the system assumes that the name is a complete user profile name.)
name
Specify one or more names of specific user profiles. Both generic names and specific names can be specified in the same command. A maximum of 300 user profile names can be specified.
Top

Saved from ASP device (SAVASPDEV)

Specifies the auxiliary storage pool (ASP) device from which private authorities were saved.

*ALLAVL
The private authorities saved from the system ASP (ASP number 1), all basic user ASPs (ASP numbers 2-32), and all available independent ASPs are restored.
*
The private authorities saved from the system ASP, all basic user ASPs, and, if the current thread has an ASP group, all independent ASPs in the ASP group are restored.
*SYSBAS
The private authorities saved from the system ASP and all basic user ASPs are restored.
*CURASPGRP
If the current thread has an ASP group, the private authorities saved from all independent ASPs in the ASP group are restored.
name
Specify the name of the ASP device from which private authorities were saved.
Top

Restore to ASP device (RSTASPDEV)

Specifies the auxiliary storage pool (ASP) device for which to restore the private authorities.

*SAVASPDEV
The private authorities are restored to the same ASPs from which they were saved.
*SYSBAS
The private authorities are restored to the system ASP (ASP number 1) or to the basic user ASPs (ASP numbers 2-32).
name
Specify the name of the independent ASP device for which to restore the private authorities.
Top

Examples

Example 1: Restore All Authorities

RSTAUT

This command restores to each user profile the authority to use each object that the profile had at the time when the system was saved. The user profiles and the libraries and their objects must be restored before the RSTAUT command is sent.

Example 2: Restore Authorities for Specific Users

RSTUSRPRF   USRPRF(USER1 USER2 USER3 USER4)
RSTLIB   SAVLIB(USERLIB)
RSTAUT   USRPRF(USER1 USER2 USER3)

To each specified user profile that was successfully restored, this command restores the authority to use each object that the profile had at the time the system was saved. The user profiles and the libraries and their objects must be restored before the RSTAUT command is sent. Because USER4 was not specified in the RSTAUT command, its authorities are still available and may be restored at a later date.

Example 3: Restore Authorities for Specific Libraries

RSTUSRPRF   USRPRF(*ALL)
RSTLIB   SAVLIB(USERLIBA)
RSTLIB   SAVLIB(USERLIBB)
RSTLIB   SAVLIB(USERLIBC)
RSTAUT   USRPRF(*ALL)

This command restores private authorities for all restored user profiles on the system. This includes authorities for all user profiles restored by the RSTUSRPRF command. Other user profiles on the system that did not have their authorities restored before these commands were specified are also restored by the RSTAUT(*ALL) command.

Example 4: Restore Authorities After Multiple RSTUSRPRF Commands

RSTUSRPRF   USRPRF(USER1 USER2)
RSTLIB   SAVLIB(USERLIBA)
RSTUSRPRF   USRPRF(USER1 USER3)
RSTLIB   SAVLIB(USERLIBB)
RSTAUT   USRPRF(*ALL)

This command restores private authorities for USER2 and USER3 and for the most recent version of USER1. Because the user profiles have the same name, the second RSTUSRPRF command overlays the first version of USER1.

Example 5: Restore Libraries and Authorities to an Independent ASP

RSTUSRPRF   USRPRF(*ALL)  SAVASPDEV(*SYSBAS)
RSTLIB   SAVLIB(USERLIBA)  RSTASPDEV(DIVISION1)
RSTLIB   SAVLIB(USERLIBB)  RSTASPDEV(DIVISION1)
RSTLIB   SAVLIB(USERLIBC)  RSTASPDEV(DIVISION1)
RSTAUT   USRPRF(*ALL)  SAVASPDEV(*SYSBAS)
         RSTASPDEV(DIVISION1)

This example shows a way to move data and authorities to an independent auxiliary storage pool (ASP). The RSTUSRPRF command restores all user profiles and the private authority information saved from the system ASP (ASP number 1) and basic user ASPs (ASP numbers 2-32). The RSTLIB commands restore libraries USERLIBA, USERLIBB, and USERLIBC to the independent ASP named DIVISION1. The RSTAUT command restores authorities saved from the system ASP and basic user ASPs for all user profiles to objects that now exist on the DIVISION1 ASP.

Top

Error messages

*ESCAPE Messages

CPF2206
User needs authority to do requested function on object.
CPF222E
&1 special authority is required.
CPF3776
Not all user profiles had all authorities restored.
CPF3785
Not all subsystems ended.
CPF3855
RSTAUT not allowed at this time.
CPF386D
Prestart job failed.
CPF9814
Device &1 not found.
CPF9833
*CURASPGRP or *ASPGRPPRI specified and thread has no ASP group.
CPFB8ED
Device description &1 not correct for operation.
Top