Saving resource security information
Resource security defines how users can work with objects, consists of different types of information that is stored in several different places.
Type of information | Where it is stored | How it is saved | How it is restored |
---|---|---|---|
Public authority | With the object | SAVxxx command1 | RSTxxx command2 |
Object auditing value | With the object | SAVxxx command1 | RSTxxx command2 |
Object ownership | With the object | SAVxxx command1 | RSTxxx command2 |
Primary group | With the object | SAVxxx command1 | RSTxxx command2 |
Authorization list | QSYS library | SAVSYS or SAVSECDTA | RSTUSRPRF, USRPRF (*ALL) |
Link between object and authorization list | With the object | SAVxxx command1 | RSTxxx command2 |
Private authority | With the user profile | SAVSYS, SAVSECDTA, or SAVXXX command | RSTAUT or RSTXXX command |
|
When you need to recover an application or your entire system,
you need to plan the steps carefully, including recovery of the authority
to objects. The basic steps necessary to recover the resource security
information for an application are:
- If necessary, restore user profiles, including the profiles which own the application. You can restore specific profiles or all profiles with the RSTUSRPRF command.
- Restore any authorization lists that are used by the application.
You restore authorization lists when you use RSTUSRPRF USRPRF(*ALL). Note: This restores all the user profile values, including passwords, from the backup media.
- Restore the application libraries by using the RSTLIB or RSTOBJ command. This recovers object ownership, public authority, and the links between objects and authorization lists.
- Restore private authority to objects by using the RSTAUT command. The RSTAUT command also restores user authorities to authorization lists. You can restore authority for specific users or all users.