Advantages of using an authorization list
You can use authorization lists to protect objects on your system.
An authorization list has these advantages:
- Authorization lists simplify managing authorities. User authority is defined for the authorization list, not for the individual objects on the list. If a new object is secured by the authorization list, the users on the list gain authority to the object.
- One operation can be used to give a user authority to all the objects on the list.
- Authorization lists reduce the number of private authorities on
the system. Each user has a private authority to one object, the
authorization list. This gives the user authority to all the objects
on the list. Reducing the number of private authorities in the system
has the following advantages:
- Reduces the size of user profiles.
- Improves the performance when saving the system (SAVSYS) or saving the security data (SAVSECDTA).
- Authorization lists provide a good way to secure files. If you use private authorities, each user will have a private authority for each file member. If you use an authorization list, each user will have only one authority. Also, files that are open cannot have authority granted to the file or revoked from the file. If you secure the file with an authorization list, you can change the authorities, even when the file is open.
Authorization lists provide a way
to remember authorities when an object is saved. When an object is
saved that is secured by an authorization list, the name of the authorization
list is saved with the object. If the object is deleted and restored
to the same system, it is automatically linked to the authorization
list again. If the object is restored on a different system, the authorization
list is not linked, unless ALWOBJDIF(*ALL), ALWOBJDIF(*AUTL), or ALWOBJDIF(*COMPATIBLE)
is specified on the restore command.
- From a security management view, an authorization list is the preferred method to manage objects that have the same security requirements. Even when there are only a few objects that are secured by the list, there is still an advantage of using an authorization list over using private authorities on the object. Because the authorities are in one place (the authorization list), it is easier to change who is authorized to the objects. It is also easier to secure any new objects with the same authorities as the existing objects.