Types of authority

This topic discusses the types of authority that can be authorized and used on the server.

Your system provides different types of authorities for users. Authority means the type of access allowed to an object. Different operations require different types of authority. For example, you might have the authority to view information or to change information about the system. The system provides several different authority types. IBM groups these authority types into categories, called system-defined authorities and special authorities.

System-defined authority to an object is divided into three categories:
Object Authority
Defines what operations can be performed on the object as a whole.
Data Authority
Defines what operations can be performed on the contents of the object.
Field Authority
defines what operations can be performed on the data fields.

Special authority is used to specify the types of actions that a user can perform on system resources. A user can be given one or more special authorities. The system security level determines what the default special authorities are for each user class. When you create a user profile, you can select special authorities based on the user class. Special authorities are also added and removed from user profiles when you change security levels.

For more information about setting up resource authority, see How the system checks authority in Chapter 5 of the IBM i Security reference.