Use Adopted Authority (QUSEADPAUT)
The Use Adopted Authority (QUSEADPAUT) system value defines which users can create programs with the use adopted authority (*USEADPAUT(*YES)) attribute.
All users authorized by the QUSEADPAUT system value can create or change programs and service programs to use adopted authority if the user has the necessary authority to the program or service program.
The system value can contain the name of an authorization list. The user's authority is checked against this list. If the user has at least *USE authority to the named authorization list, the user can create, change, or update programs or service programs with the USEADPAUT(*YES) attribute. The authority to the authorization list cannot come from adopted authority.
If an authorization list is named in the system value and the authorization list is missing, the function being attempted will not complete. A message is sent indicating this.
However, if the program is created with the QPRCRTPG API, and the *NOADPAUT value is specified in the option template, the program creates successfully even if the authorization list does not exist.
If more than one function is requested on the command or API, and the authorization list is missing, the function is not performed.
|authorization list name||A diagnostic message is signaled to indicate that the program is
created with USEADPAUT(*NO) if all of the following are true:
|*NONE1||All users can create, change, or update programs and service programs to use the authority of the program which called them if the user has the necessary authority to the program or service program.|
Recommended value: For production machines, create an authorization list with authority of *PUBLIC(*EXCLUDE). Specify this authorization list for the QUSEADPAUT system value. This prevents anyone from creating programs that use adopted authority.
You should carefully consider the security design of your application before creating the authorization list for QUSEADPAUT system value. This is especially important for application development environments.