Setting up an authorization list

The setup of an authorization list makes it easier to change who is authorized to the objects, and easier to secure any new objects with the same authorities as the existing objects.

At the JKL Toy Company, an authorization list is used to secure all the work files used in month-end inventory processing. These work files are cleared, which requires *OBJMGT authority. As application requirements change, more work files may be added to the application. Also, as job responsibilities change, different users run month-end processing. An authorization list makes it simpler to manage these changes.
Follow these steps to set up the authorization list.
  1. Create the authorization list: 
    CRTAUTL ICLIST1
  2. Secure all the work files with the authorization list: 
    GRTOBJAUT OBJ(ITEMLIB/ICWRK*) +
          OBJTYP(*FILE) AUTL(ICLIST1)
  3. Add users to the list who perform month-end processing: 
    ADDAUTLE AUTL(ICLIST1) USER(USERA) AUT(*ALL)
If you use authorization lists, then you should not have private authorities on the object. Two searches of the user's private authorities are required during the authority checking if the object has private authorities and the object is also secured by an authorization list. The first search is for the private authorities on the object; the second search is for the private authorities on the authorization list. Two searches require use of system resources; therefore, the performance can be impacted. If you use only the authorization list, only one search is performed. Also, because of the use of authority caching with the authorization list, the performance for the authority check will be the same as it is for checking only private authorities on the object.
Parent topic: Working with authorization lists