Case 5: Using adopted authority

This case demonstrates the performance advantage in using adopted authority.

User SMITHG wants to access the PRICES file using program CPPGM08. SMITHG is not a member of a group and does not have *ALLOBJ special authority. Program CPPGM08 requires *CHANGE authority to the file. CPPGM08 is owned by the profile OWNCP and adopts owner authority (USRPRF is *OWNER).

  1. Flowchart 1, step 1.
    1. Flowchart 2, step 1.
  2. Flowchart 1, step 2.
    1. Flowchart 3, steps 1 and 2. Object to check = CONTRACTS/PRICES *FILE.
    2. Flowchart 3, step 3.
      1. Flowchart 4, step 1. SMITHG does not own the PRICES file. Return to Flowchart 3 with no authority found.
    3. Flowchart 3, step 4.
      1. Flowchart 5, steps 1, 2, and 3. Public is not sufficient.
    4. Flowchart 3, step 5.
    5. Flowchart 3, step 6. SMITHG does not have private authority.
    6. Flowchart 3, steps 7 and 8. The PRICES file is not secured by an authorization list. Return to Flowchart 1 with no authority found.
  3. Flowchart 1, step 3. SMITHG does not have a group.
  4. Flowchart 1, step 5.
    1. Flowchart 7, step 1. Public authority is not *AUTL.
    2. Flowchart 7, step 3. Object to check = CONTRACTS/PRICES *FILE.
    3. Flowchart 7, step 4. Public authority is not sufficient.
  5. Flowchart 1, step 6.
    1. Flowchart 8A, step 1. Object to check = CONTRACTS/PRICES *FILE.
    2. Flowchart 8A, steps 2 and 3. OWNCP does not have *ALLOBJ authority.
    3. Flowchart 8A, step 4.
      1. Flowchart 4, steps 1, 2, and 3. Authorized. OWNCP owns the PRICES files and has sufficient authority.

Analysis:

This example demonstrates the performance advantage in using adopted authority when the program owner also owns the application objects.

The number of steps required to perform authority checking has almost no effect on performance, because most of the steps do not require retrieving new information. In this example, although many steps are performed, private authorities are searched only once (for user SMITHG).

Compare this with Case 1 on page Case 1: Using private group authority.
  • If you were to change Case 1 so that the group profile DPTSM owns the PRICES file and has *ALL authority to it, the performance characteristics of the two examples is the same. However, having a group profile own application objects might represent a security exposure. The members of the group always have the group's (owner) authority, unless you specifically give group members less authority. When you use adopted authority, you can control the situations in which owner authority is used.
  • You can also change Case 1 so that DPTSM is the primary group for the PRICES file and has *CHANGE authority to it. If DPTSM is the first group for SMITHG (specified in the GRPPRF parameter of SMITHG's user profile), the performance characteristics is the same as Case 5.