Case 4: Using public authority without searching private authority

This case describes how to use public authority without searching private authority.

User JONESP wants to access the PRICES file using the program CPPGM06. CPPGM06 requires *USE authority to the file. JONESP is a member of group profile DPTSM and does not have *ALLOBJ special authority. The system performs these steps in determining whether to allow JONESP access to the PRICES file:

  1. Flowchart 1, step 1.
    1. Flowchart 2, step 1. The PRICES file has private authorities.
  2. Flowchart 1, step 2.
    1. Flowchart 3, steps 1 and 2. Object to check = CONTRACTS/PRICES *FILE.
    2. Flowchart 3, step 3.
      1. Flowchart 4, step 1. JONESP does not own the PRICES file. Return to Flowchart 3 with no authority found.
    3. Flowchart 3, step 4.
      1. Flowchart 5, steps 1, 2, and 3. Public authority is sufficient.
      2. Flowchart 5, step 4. Owner authority is sufficient. (OWNCP has *ALL.)
      3. Flowchart 5, step 5. The PRICES file does not have a primary group.
      4. Flowchart 5, step 6. Authorized. (The PRICES file is not secured by an authorization list.)

Analysis:

This example shows the performance benefit gained when you avoid defining any private authorities, which are less than public authority, for an object. Although private authority exists for the PRICES file, the public authority is sufficient for this request and can be used without searching private authorities.