Restoring objects
When you restore an object to the system, the system uses the authority information stored with the object. This topic describes the rules applicable to the authority information when restoring objects.
The following applies to the security of the restored object:
Object ownership:
- If the profile that owns the object exists on the system, ownership is restored to that profile.
- If the owner profile does not exist on the system, ownership of the object is given to the QDFTOWN (default owner) user profile.
- If the object exists on the system and the owner on the system is different from the owner on the save media, the object is not restored unless ALWOBJDIF(*ALL), ALWOBJDIF(*OWNER), or ALWOBJDIF(*COMPATIBLE) is specified. In that case, the object is restored and the owner on the system is used.
- See Restoring programs for additional considerations when restoring programs.
Primary group:
For an object that does not exist on the system:
- If the profile that is the primary group for the object is on the system, the primary group value and authority are restored for the object.
- If the profile that is the primary group does not exist on the system:
  - The primary group for the object is set to none.
  - The primary group authority is set to no authority.
When an existing object is restored, the primary group for the object is not changed by the restore operation.
Public authority:
- If the object that is being restored does not exist on the system, public authority is set to the public authority of the saved object.
- If the object that is being restored does exist and is being replaced, public authority is not changed. The public authority from the saved version of the object is not used.
- The CRTAUT for the library is not used when restoring objects to the library.
Authorization list:
- If an object, other than a document or folder, already exists on the system and is linked to an authorization list, the ALWOBJDIF parameter determines the result:
  - If ALWOBJDIF(*NONE) is specified, the existing object must have the same authorization list as the saved object. If not, the object is not restored.
  - If ALWOBJDIF(*ALL), ALWOBJDIF(*AUTL), or ALWOBJDIF(*COMPATIBLE) is specified, the object is restored. The object is linked to the authorization list that is associated with the existing object.
- If a document or folder that already exists on the system is restored, the authorization list that is associated with the object on the system is used. The authorization list from the saved document or folder is not used.
- If the authorization list does not exist on the system, the object is restored without being linked to an authorization list and the public authority is changed to *EXCLUDE.
- If the object is being restored on the same system from which it was saved, the object is linked to the authorization list again.
- If the object is being restored on a different system, the ALWOBJDIF parameter on the restore command is used to determine whether the object is linked to the authorization list:
  - If ALWOBJDIF(*ALL), ALWOBJDIF(*AUTL), or ALWOBJDIF(*COMPATIBLE) is specified, the object is linked to the authorization list.
  - If ALWOBJDIF(*NONE) is specified, then the object is not linked to the authorization list and the public authority of the object is changed to *EXCLUDE.
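The ownership, public authority and authorization list rules above, combined into a small Python model for predicting the security state of an object after a planned restore. This is an added example, not IBM code: the Obj class, the restore function and the sample names are hypothetical, documents and folders are left out, and ALWOBJDIF values the page does not name for an authorization list branch (such as *OWNER) are assumed to behave like *NONE.

```python
# Added illustration (not IBM code): simplified model of the restore rules above.
from dataclasses import dataclass
from typing import Optional

OWNER_OK = {"*ALL", "*OWNER", "*COMPATIBLE"}  # ALWOBJDIF values tolerating an owner difference
AUTL_OK = {"*ALL", "*AUTL", "*COMPATIBLE"}    # ALWOBJDIF values tolerating an AUTL difference


@dataclass
class Obj:  # hypothetical record of the security attributes the rules touch
    owner: str
    public: str
    autl: Optional[str] = None


def restore(saved, existing, profiles, autls, alwobjdif="*NONE", same_system=True):
    """Return the object's security state after the restore, or None if it is not restored."""
    if existing is not None:
        # Existing object with a different owner: refused unless ALWOBJDIF allows it.
        if existing.owner != saved.owner and alwobjdif not in OWNER_OK:
            return None
        # Existing object linked to a different authorization list.
        # Assumption: values outside AUTL_OK other than *NONE are refused as well.
        if existing.autl and existing.autl != saved.autl and alwobjdif not in AUTL_OK:
            return None
        # A replaced object keeps the system's owner, public authority and AUTL link.
        return Obj(existing.owner, existing.public, existing.autl)
    # New object: owner falls back to QDFTOWN when the profile is missing.
    owner = saved.owner if saved.owner in profiles else "QDFTOWN"
    if saved.autl is None:
        return Obj(owner, saved.public, None)
    # The list must exist; on a different system ALWOBJDIF must also allow the link.
    if saved.autl in autls and (same_system or alwobjdif in AUTL_OK):
        return Obj(owner, saved.public, saved.autl)
    # Not linked: public authority is changed to *EXCLUDE.
    return Obj(owner, "*EXCLUDE", None)


if __name__ == "__main__":
    saved = Obj("APPOWNER", "*USE", "PAYAUTL")  # constructed sample values
    # Target system lacks both the owner profile and the authorization list.
    print(restore(saved, None, {"QSECOFR"}, set(), "*ALL", same_system=False))
    # Existing object owned by someone else, default ALWOBJDIF(*NONE).
    print(restore(saved, Obj("OTHER", "*CHANGE", "SYSAUTL"), {"OTHER"}, {"SYSAUTL"}))
```

Results that come back owned by QDFTOWN or with *EXCLUDE public authority mark the objects whose authority needs review after a cross-system restore.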
Private authorities:
- Private authority is saved with user profiles, and with objects if PVTAUT(*YES) is specified on the SAVxxx command.
- If user profiles have private authority to an object that is being restored, those private authorities are typically not affected. Restoring certain types of programs might result in private authorities being revoked.
- If an object is deleted from the system, the private authority for the object no longer exists on the system. When an object is deleted, all private authority to the object is removed from user profiles. If the object is then restored from a save version, the private authorities can be restored if PVTAUT(*YES) was specified when the object was saved.
- If private authorities need to be recovered and the private authorities were not saved with the object, then the Restore Authority (RSTAUT) command must be used. The normal sequence is:
  - Restore user profiles
  - Restore objects
  - Restore authority
Object auditing:
- If the object that is being restored does not exist on the system, the object auditing (OBJAUD) value of the saved object is restored.
- If the object that is being restored does exist and is being replaced, the object auditing value is not changed. The OBJAUD value of the saved version of the object is not restored.
- If a library or directory that is being restored does not exist on the system, the create object or directory auditing (CRTOBJAUD) value for the library or directory is restored.
- If a library or directory that is being restored exists and is being replaced, the CRTOBJAUD value for the library or directory is not restored. The CRTOBJAUD value for the existing library or directory is used.
Authority holder:
- If a file is restored and an authority holder exists for that file name and the library to which it is being restored, the file is linked to the authority holder.
- The authority information associated with the authority holder replaces the public authority and owner information saved with the file.
User domain objects:
The system restricts user domain objects (*USRSPC, *USRIDX, and *USRQ) to the libraries specified in the QALWUSRDMN system value. If a library is removed from the QALWUSRDMN system value after a user domain object of type *USRSPC, *USRIDX, or *USRQ is saved, the system changes the object to system domain when it is restored.
Function registration information:
The function registration information can be restored by restoring the QUSEXRGOBJ *EXITRG object into QUSRSYS. This restores all of the registered functions. The usage information associated with the functions is restored when user profiles and authorities are restored.
Applications that use certificates registration:
The applications that use certificates registration information can be restored by restoring the QUSEXRGOBJ *EXITRG object into QUSRSYS. This restores all of the registered applications. The association of the application to its certificate information can be restored by restoring the QYCDCERTI *USRIDX object into QUSRSYS.