Authority for new objects in a directory
You can specify the authority for new objects in a directory.
When you create a new directory using the CRTDIR (Make Directory), MD (Make Directory) or MKDIR (Make Directory) commands, you specify the data authority and object authority that the public receives for the new directory. If you use the default *INDIR option, the authority for the created directory is determined from its parent directory. Otherwise, you can specify the specific required authority.
When you create a new directory using the mkdir()--Make Directory API, the owner, primary group, and public object authorities for the created directory are determined from the directory in which it is being created in while the owner, primary group, and public data authorities are determined by the mode that is specified on the API call.
The following two examples show different results when you create a new directory with various options.
Starting conditions: Authorities on parent directory:
Display Authority
Object . . . . . . . . . . . . . . : /sanders/mytest
Owner . . . . . . . . . . . . . . : SANDERS
Primary group . . . . . . . . . . : SANDERSGP3
Authorization list . . . . . . . . : *NONE
Data -----Object Authorities-----
User Authority Exist Mgt Alter Ref
*PUBLIC *RWX X X X X
SANDERS *RW
SANDERSGP3 *RX
QPGMR *RWX
QTCM *RWX X X X X
CRTDIR DIR('/sanders/mytest/deletemepub') DTAAUT(*R) OBJAUT(*NONE)
Display Authority
Object . . . . . . . . . . . . . . : /sanders/mytest/deletemepub
Owner . . . . . . . . . . . . . . : SANDERS
Primary group . . . . . . . . . . : SANDERSGP3
Authorization list . . . . . . . . : *NONE
Data -----Object Authorities-----
User Authority Exist Mgt Alter Ref
*PUBLIC *R
SANDERS *RWX
SANDERSGP3 *RX
- The *PUBLIC data and object authorities are set based on the DTAAUT and OBJAUT parameters.
- The owner's (SANDERS) data authorities are set to *RWX but the object authorities are inherited from the parent directory's owner. This means that the owner of this directory has no object authorities to the new directory because the owner of the parent directory has no object authorities to the parent directory.
- The new directory has a primary group profile of SANDERSGP3 because the parent directory has SANDERSGP3 as its primary group profile.
Starting conditions: Authorities on parent directory:
Display Authority
Object . . . . . . . . . . . . . . : /sanders/mytest
Owner . . . . . . . . . . . . . . : SANDERS
Primary group . . . . . . . . . . : SANDERSGP3
Authorization list . . . . . . . . : *NONE
Data -----Object Authorities-----
User Authority Exist Mgt Alter Ref
*PUBLIC *RWX X X X X
SANDERS *RW
SANDERSGP3 *RX
QPGMR *RWX
QTCM *RWX X X X X
CRTDIR DIR('/sanders/mytest/deletemepub')
Display Authority
Object . . . . . . . . . . . . . . : /sanders/mytest/deletemepub
Owner . . . . . . . . . . . . . . : SANDERSUSR
Primary group . . . . . . . . . . : SANDERSGP3
Authorization list . . . . . . . . : *NONE
Data -----Object Authorities-----
User Authority Exist Mgt Alter Ref
*PUBLIC *RWX X X X X
SANDERSUSR *RWX
SANDERSGP3 *RX
QPGMR *RWX
QTCM *RWX X X X X
SANDERS *RW
- The *PUBLIC data and object authorities are inherited from the parent directory; therefore, the data authority is set to *RWX with all object authorities.
- The owner's (SANDERSUSR) data authorities are set to *RWX but the object authorities are inherited from the parent directory's owner. This means that the owner of this directory has no object authorities to the new directory because the owner of the parent directory has no object authorities to the parent directory.
- The new directory has a primary group profile of SANDERSGP3 because the parent directory has SANDERSGP3 as its primary group profile.
- All users who are privately authorized to the parent directory (QPGMR, QTCM), and the owner of the parent directory (SANDERS), are granted the same private authority to the new directory.