Comparison of group profiles and authorization lists

Group profiles are used to simplify managing user profiles that have similar security requirements. Authorization lists are used to secure objects with similar security requirements.

Table 1 shows the characteristics of the two methods.

Table 1. Authorization list and group profile comparison
Item being compared Authorization list Group profile
Used to secure multiple objects Yes Yes
User can belong to more than one Yes Yes
Private authority overrides other authority Yes Yes
User must be assigned authority independently Yes No
Authorities specified are the same for all objects Yes No
Object can be secured by more than one No Yes
Authority can be specified when the object is created Yes Yes 1
Can secure all object types No Yes
Association with object is deleted when the object is deleted Yes Yes
Association with object is saved when the object is saved Yes Yes 2
The group profile can be given authority when an object is created by using the GRPAUT parameter in the profile of the user creating an object.
Primary group authority is saved with the object. Private group authorities are saved if PVTAUT(*YES) is specified on the save command.
For the authorization list of the item "Authority can be specified when the object is created":
  • To assign an authorization list to a library-based object, specify AUT (*LIBCRTAUT) on the CRTxxxx command and the CRTAUT (authorization-list-name) for the library. Some objects, such as validation lists, cannot use a value of *LIBCRTAUT in the CRT command.
  • To assign an authorization list to a directory-based object, specify the *INDIR value for the DTAAUT and OBJAUT parameters on the MKDIR command. In this way, the authorization list secures both the parent directory and the new one. The system does not allow an arbitrary authorization list to be specified when an object is created.