Resource security, which defines how users can work with objects,
consists of different types of information that is stored in several different
places:
| Type of information |
Where it is stored |
How it is saved |
How it is restored |
|---|
| Public authority |
With the object |
SAVxxx command1 |
RSTxxx command2 |
| Object auditing value |
With the object |
SAVxxx command1 |
RSTxxx command2 |
| Object ownership |
With the object |
SAVxxx command1 |
RSTxxx command2 |
| Primary group |
With the object |
SAVxxx command1 |
RSTxxx command2 |
| Authorization list |
QSYS library |
SAVESYS or SAVSECDTA |
RSTUSRPRF, USRPRF (*ALL) |
| Link between object and authorization list |
With the object |
SAVxxx command1 |
RSTxxx command2 |
| Private authority |
With the user profile |
SAVESYS or SAVSECDTA |
RSTAUT |
- 1
- You can save most object types by using the SAVOBJ or SAVLIB commands.
Some object types, such as configurations, have a special save command.
- 2
- You can restore most object types by using the RSTOBJ or RSTLIB commands.
Some object types, such as configurations, have a special restore command.
|
When you need to recover an application or your entire system, you need
to plan the steps carefully, including recovery of the authority to objects.
Following are the basic steps necessary to recover the resource security information
for an application:
- If necessary, restore user profiles, including the profiles which own
the application. You can restore specific profiles or all profiles with the
RSTUSRPRF command.
- Restore any authorization lists that are used by the application. You
restore authorization lists when you use RSTUSRPRF USRPRF(*ALL).
Note: This
restores all the user profile values, including passwords, from the backup
media.
- Restore the application libraries by using the RSTLIB or RSTOBJ command.
This recovers object ownership, public authority, and the links between objects
and authorization lists.
- Restore private authority to objects by using the RSTAUT command. The
RSTAUT command also restores user authorities to authorization lists. You
can restore authority for specific users or all users.