Flowchart 8: How adopted authority is checked

If insufficient authority is found by checking user authority, the system checks adopted authority.

The system might use adopted authority from the original program the user called or from earlier programs in the call stack. To provide the best performance and minimize the number of times private authorities are searched, the process for checking adopted authority checks to see if the program owner has *ALLOBJ special authority or owns the object being tested. This is repeated for every program in the stack that uses adopted authority.

If sufficient authority is not found, the system checks to see if the program owner has private authority for the object being checked. This is repeated for every program in the stack that uses adopted authority.

Figure 1 and Figure 2 show the process for checking adopted authority.

Figure 1. Flowchart 8A: Checking adopted authority user *ALLOBJ and owner
: Checking Adopted Authority User *ALLOBJ and Owner

Description of Flowchart 8A: Checking adopted authority user *ALLOBJ and owner

Flowchart 8A describes how the system checks adopted authority when insufficient authority has been found by checking user authority.
  1. The system sets the object being checked to the original object and proceeds to Step 2.
  2. The system determines if the program adopts authority. If the program does adopt authority, then the authority checking proceeds to Step 3. If the program does not adopt authority and the authority is insufficient, then authority checking goes to Step 5.
  3. If the program does adopt authority, then the system determines if the program owner has *ALLOBJ authority. If the program owner does have *ALLOBJ authority, then the user is authorized. If the program owner does not have *ALLOBJ authority, then the authority checking proceeds to Step 4.
  4. If the program owner does not have *ALLOBJ authority, then the system checks and tests the owner authority. If the authority is sufficient, then the user is authorized. If the authority is insufficient, then authority checking proceeds to Step 5.
  5. The system checks USEADPAUT value for the program currently being test. If the value equals *NO then authority checking proceeds to Step 8. If the value is equal to *YES, then the authority checking proceeds to Step 6.
  6. If the USEADPAUT value is equal to *YES, then the system determine if there are more programs waiting in the stack. If there are more programs in the stack, then authority checking proceeds to Step 7. If there are not any more programs waiting in the stack, then authority checking goes to Step 8.
  7. Test using the next program in the stack and start back at Step 2.
  8. If there are no more programs in the stack or the USEADPAUT value is equal to *NO, then system sets the object and program to the original values and proceeds to Step 9.
  9. The system checks private authority. This is described in Flowchart 8B: Checking adopted authority using private authorities.
Figure 2. Flowchart 8B: Checking adopted authority using private authorities
: Checking Adopted Authority Using Private Authorities

Description of Flowchart 8B: Checking adopted authority using private authorities

  1. The system determines whether the program can adopt authority. If yes, proceed to Step 2. If no, proceed to Step 7.
  2. The system determines whether the object has private authorities. If yes, proceed to Step 3. If no, proceed to Step 4.
  3. The system checks the private and primary group authorities for the program owner. If authority is sufficient, the program is authorized. If insufficient authority is found, proceed to Step 7. If no authority is found, proceed to Step 4.
  4. The system determines whether the object is secured by an authorization list. If yes, proceed to Step 5. If no, proceed to Step 7.
  5. The system sets object equal to authorization list and then proceeds to Step 6.
  6. The system checks the owner's authority to the authorization list. (Refer to Flowchart 4.) If not authority is found, go back to Step 2. If sufficient authority is found, the program is authorized.
  7. The system tests the USEADPAUT authority value for the program currently being checked. If *YES, proceed to Step 8. If *NO, access denied.
  8. The system checks whether there are more programs in the stack. If yes, proceed to Step 9. If no, access denied.
  9. The system sets object equal to original object and proceeds to Step 10.
  10. Test using next program in stack and start back at Step 1.