Describing menu security

As an application designer, you need to provide information about a menu for the security administrator. The security administrator uses this information to decide who should have access to the menu and what authorities are required.

Examples of the type of information that a security administrator needs are:
  • Whether any menu options require special authorities, such as *SAVSYS or *JOBCTL.
  • Whether menu options call programs that adopt authority.
  • What authority to objects is required for each menu option. You should only need to identify those authorities that are greater than normal public authority.

Figure 1 shows a sample format for providing this information.

Figure 1. Format for menu security requirements
Menu name: MENU1               Library:   QGPLOption number:  3               Description:  Query
Program called: QRYSTART       Library:   QGPL
Authority adopted:  QRYUSR
Special authority required:  None
Object authorities required:  User must have *USE authority to QRYSTART
program. QRYUSR must have *USE authority to libraries containing
files to be queried.  User, QRYUSR, or public must have *USE
authority to files being queried.