Working with individual object authority

You can change the authority for an object.

To change the authority for an object, you must have one of the following authorities:
  • *ALLOBJ authority or membership in a group profile that has *ALLOBJ special authority.
    Note: The group's authority is not used if you have private authority to the object.
  • Ownership of the object. If a group profile owns the object, any member of the group can act as the object owner, unless the member has been given specific authority that does not meet the requirements for changing the object's authority.
  • *OBJMGT authority to the object and any authorities being granted or revoked (except *EXCLUDE). Any user who is allowed to work with the object's authority can grant or revoke *EXCLUDE authority.

The easiest way to change authority for an individual object is with the Edit Object Authority display. This display can be called directly by using the Edit Object Authority (EDTOBJAUT) command or selected as an option from the Work with Objects by Owner, Work with Objects by Private Authority, Work with Objects by Primary Group, or Work with Objects display.

                            Edit Object Authority
Object. . . . . . :   DTA1       Owner  . . . . . . . :   PGMR1
  Library . . . . :   TESTLIB    Primary group  . . . :   *NONE
Object type.. . . :   *DTAARA    ASP device . . . . . :   *SYSBAS
Type changes to current authorities, press Enter.
  Object secured by authorization list  . . . . . . . :   OBJLST
User        Group       Authority
*PUBLIC                 *AUTL
PGMR1                   *ALL
You can also use these commands to change object authority:
  • Change Authority (CHGAUT)
  • Work with Authority (WRKAUT)
  • Grant Object Authority (GRTOBJAUT)
  • Revoke Object Authority (RVKOBJAUT)

To specify the generic authority subsets, such as Read/Write (*RX) or Write/Execute (*WX), you must use the CHGAUT or WRKAUT commands.