Flowchart 3: How user authority to an object is checked
The steps in Flowchart 3 are performed for the individual user profile.
Description of Flowchart 3: Check user authority
- The system determines if the user profile has *ALLOBJ authority. If the profile does have *ALLOBJ authority, then the profile is authorized. If it does not have *ALLOBJ authority, then the authority checking proceeds to Step 2.
- The system sets the authority of the object to the equal the original object. The authority checking proceeds to Step 3.
- The system checks the owner authority. If the authority is insufficient, then it proceeds to Step 8. If no authority is found, then it proceeds to Step 4.
- The system completes a fast path authority check of the original object. (Refer to Flowchart 5). If authority is insufficient, then authority checking proceeds to Step 5.
- The system determines if the object has private authorities. If it does, then the authority check proceeds to Step 6. If there are no private authorities, then the authority checking goes to Step 7.
- The system checks for private authorities with the user profile. If the authority is sufficient, then the user is authorized. If authority is not sufficient, then the authority checking proceeds to Step 8. If no authority is found, then the authority checking proceeds to Step 7.
- The system determines if the object is secured by an authorization list. If it is not, then the authority checking proceeds to Step 8. If it is secured by an authorization list, then the authority checking proceeds to Step 9.
- The system sets the object to test equal to the original object and returns to the calling flowchart with insufficient authority or no authority found.
- The system sets the object to test equal to the authorization list and returns to Step 3.