Defining who can access information

You can give authority to individual users, groups of users, and the public.

Note: In some environments, a user's authority is referred to as a privilege.

You define who can use an object in several ways:

Public authority:
The public authority consists of anyone who is authorized to sign on to your system. Public authority is defined for every object on the system, although the public authority for an object can be *EXCLUDE. Public authority to an object is used if no other specific authority is found for the object.
Private authority:
You can define specific authority to use (or not use) an object. You can grant authority to an individual user profile or to a group profile. An object has private authority if any authority other than public authority, object ownership, or primary group authority is defined for the object.
User authority:
Individual user profiles can be given authority to use objects on the system. This is one type of private authority.
Group authority:
Group profiles can be given authority to use objects on the system. A member of the group gets the group's authority unless an authority is specifically defined for that user. Group authority is also considered private authority.
Object ownership:
Every object on the system has an owner. The owner has *ALL authority to the object by default. However, the owner's authority to the object can be changed or removed. The owner's authority to the object is not considered private authority.
Primary group authority:
You can specify a primary group for an object and the authority the primary group has to the object. Primary group authority is stored with the object and can provide better performance than private authority granted to a group profile. Only a user profile with a group identification number (gid) can be the primary group for an object. Primary group authority is not considered private authority.
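
The following is an added example, not IBM code: a simplified Python model of the rules stated above, showing which authority source applies to a user and which entries count as private authority. The check order, the single-group-per-user simplification, and all object and profile names are assumptions of this model; special authorities, authorization lists, and adopted authority are left out.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

@dataclass
class Obj:
    name: str
    owner: str
    public_aut: str = "*EXCLUDE"      # public authority exists for every object
    owner_aut: str = "*ALL"           # default; can be changed by an administrator
    pgp: Optional[str] = None         # primary group profile, stored with the object
    pgp_aut: Optional[str] = None
    # Private authorities: user or group profile -> authority
    private: Dict[str, str] = field(default_factory=dict)

def has_private_authority(obj: Obj) -> bool:
    """Owner, primary group and public authority do not count as private."""
    return bool(obj.private)

def effective_authority(user: str, group: Optional[str], obj: Obj) -> Tuple[str, str]:
    """Return (authority, source) for a user with at most one group (model assumption)."""
    if user == obj.owner:
        return obj.owner_aut, "owner"
    if user in obj.private:           # user-specific entry overrides the group's
        return obj.private[user], "user (private)"
    if group is not None:
        if group == obj.pgp and obj.pgp_aut is not None:
            return obj.pgp_aut, "primary group"
        if group in obj.private:
            return obj.private[group], "group (private)"
    return obj.public_aut, "public"   # used when nothing more specific is found

# Constructed sample data (hypothetical names; *USE and *CHANGE are sample values).
PAYROLL = Obj("PAYROLL", owner="PAYOWNER", pgp="FINGRP", pgp_aut="*USE",
              private={"HRGRP": "*CHANGE", "TEMP1": "*EXCLUDE"})
ARCHIVE = Obj("ARCHIVE", owner="PAYOWNER", pgp="FINGRP", pgp_aut="*USE")

def report(obj: Obj):
    users = [("PAYOWNER", None), ("ALICE", "HRGRP"), ("TEMP1", "HRGRP"),
             ("BOB", "FINGRP"), ("CAROL", None)]
    return {u: effective_authority(u, g, obj) for u, g in users}

if __name__ == "__main__":
    for user, (aut, source) in report(PAYROLL).items():
        print(f"{user:9} {aut:9} via {source}")
    print("PAYROLL has private authority:", has_private_authority(PAYROLL))
    print("ARCHIVE has private authority:", has_private_authority(ARCHIVE))
```

TEMP1 is a member of HRGRP but is excluded, because the authority defined specifically for that user takes the place of the group's authority.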