System-defined authorities

Your system was shipped with several system-defined authorities: *USE, *CHANGE, *ALL, and *EXCLUDE. These authorities apply to securing files, programs, and libraries.

Use this information to plan system-defined authorities. To design simple resource security, try to plan security for entire libraries. The table shows how system-defined authorities apply to securing files, programs, and libraries:

Table 1. System-defined authorities
  *USE authority *CHANGE authority *ALL authority *EXCLUDE1 authority
Operations allowed for files View information in the file. View, change, and delete records in the file. Create and delete the file. Add, change, and delete records in the file. Authorize others to use the file. None.
Operations not allowed for files Change or delete any information in the file. Delete the file. Delete or clear the entire file. None. Any access to the file.
Operations allowed for programs Run the program. Change the description of the program. Create, change, and delete the program. Authorize others to use the program. None.
Operations not allowed for programs Change or delete the program. Change or delete the program. Change the owner of the program, if the program adopts authority. Any access to the program.
Operations allowed for libraries
  • For objects in the library, any operation allowed by the authority to the specific object.
  • For the library, view descriptive information.
  • For objects in the library, any operation allowed by the authority to the specific object.
  • Add new objects to the library.
  • Change the library description.
  • Everything allowed with change authority.
  • Delete the library.
  • Authorize others to the library.
 None.
Operations not allowed for libraries
  • Add new objects to the library.
  • Change the library description.
  • Delete the library.
 Delete the library. None. Any access to the library.
1
*EXCLUDE overrides any authorities that you grant to the public or through a group profile.