Comparison of group profiles and authorization lists
Group profiles are used to simplify managing user profiles that have similar security requirements. Authorization lists are used to secure objects with similar security requirements.
Table 1 shows the characteristics of the two methods.
Item being compared | Authorization list | Group profile |
---|---|---|
Used to secure multiple objects | Yes | Yes |
User can belong to more than one | Yes | Yes |
Private authority overrides other authority | Yes | Yes |
User must be assigned authority independently | Yes | No |
Authorities specified are the same for all objects | Yes | No |
Object can be secured by more than one | No | Yes |
Authority can be specified when the object is created | Yes | Yes 1 |
Can secure all object types | No | Yes |
Association with object is deleted when the object is deleted | Yes | Yes |
Association with object is saved when the object is saved | Yes | Yes 2 |
|
For the authorization list of the item "Authority can be specified when
the object is created":
- To assign an authorization list to a library-based object, specify AUT (*LIBCRTAUT) on the CRTxxxx command and the CRTAUT (authorization-list-name) for the library. Some objects, such as validation lists, cannot use a value of *LIBCRTAUT in the CRT command.
- To assign an authorization list to a directory-based object, specify the *INDIR value for the DTAAUT and OBJAUT parameters on the MKDIR command. In this way, the authorization list secures both the parent directory and the new one. The system does not allow an arbitrary authorization list to be specified when an object is created.