Use Adopted Authority (QUSEADPAUT)

Edit online

The Use Adopted Authority (QUSEADPAUT) system value defines which users can create programs with the use adopted authority (*USEADPAUT(*YES)) attribute.

All users authorized by the QUSEADPAUT system value can create or change programs and service programs to use adopted authority if the user has the necessary authority to the program or service program.

The system value can contain the name of an authorization list. The user's authority is checked against this list. If the user has at least *USE authority to the named authorization list, the user can create, change, or update programs or service programs with the USEADPAUT(*YES) attribute. The authority to the authorization list cannot come from adopted authority.

If an authorization list is named in the system value and the authorization list is missing, the function being attempted will not complete. A message is sent indicating this.

However, if the program is created with the QPRCRTPG API, and the *NOADPAUT value is specified in the option template, the program creates successfully even if the authorization list does not exist.

If more than one function is requested on the command or API, and the authorization list is missing, the function is not performed.

Note: This system value is a restricted value. See Security system values for details on how to restrict changes to security system values and a complete list of the restricted system values.

Table 1. Possible values for the QUSEADPAUT system value:
Value	Description
authorization list name	A diagnostic message is signaled to indicate that the program is created with USEADPAUT(*NO) if all of the following are true: The user does not have authority to the specified authorization list. There are no other errors when the program or service program is created.
*NONE¹	All users can create, change, or update programs and service programs to use the authority of the program which called them if the user has the necessary authority to the program or service program.
¹ *NONE indicates that no authorization list is used and by default all users will be allowed to access programs that use adopted authority.

Recommended value: For production machines, create an authorization list with authority of *PUBLIC(*EXCLUDE). Specify this authorization list for the QUSEADPAUT system value. This prevents anyone from creating programs that use adopted authority.

You should carefully consider the security design of your application before creating the authorization list for QUSEADPAUT system value. This is especially important for application development environments.