Comparison of group profiles and authorization lists

Group profiles are used to simplify managing user profiles that have similar security requirements. Authorization lists are used to secure objects with similar security requirements.

Table 1 shows the characteristics of the two methods.

Table 1. Authorization list and group profile comparison
| Item being compared | Authorization list | Group profile |
|---|---|---|
| Used to secure multiple objects | Yes | Yes |
| User can belong to more than one | Yes | Yes |
| Private authority overrides other authority | Yes | Yes |
| User must be assigned authority independently | Yes | No |
| Authorities specified are the same for all objects | Yes | No |
| Object can be secured by more than one | No | Yes |
| Authority can be specified when the object is created | Yes | Yes (note 1) |
| Can secure all object types | No | Yes |
| Association with object is deleted when the object is deleted | Yes | Yes |
| Association with object is saved when the object is saved | Yes | Yes (note 2) |

Note 1: The group profile can be given authority when an object is created by using the GRPAUT parameter in the profile of the user creating an object.

Note 2: Primary group authority is saved with the object. Private group authorities are saved if PVTAUT(*YES) is specified on the save command.

For the authorization list entry of the item "Authority can be specified when the object is created":
  • To assign an authorization list to a library-based object, specify AUT(*LIBCRTAUT) on the CRTxxxx command and CRTAUT(authorization-list-name) for the library. Some objects, such as validation lists, cannot use a value of *LIBCRTAUT on the CRT command.
  • To assign an authorization list to a directory-based object, specify the *INDIR value for the DTAAUT and OBJAUT parameters on the MKDIR command. In this way, the authorization list secures both the parent directory and the new one. The system does not allow an arbitrary authorization list to be specified when an object is created.
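
The two assignment paths above, written out as a CL command sequence with a verification step after each. This is an added example, not part of the original page. All object names (PAYAUTL, PAYLIB, PAYCLERK, PAYGRP, RATES, /paydata) are hypothetical, and it assumes the library, user profiles and the /paydata directory already exist.

```cl
/* Added example. All names are hypothetical placeholders. */

/* 1. Create the authorization list with no public access. */
CRTAUTL AUTL(PAYAUTL) AUT(*EXCLUDE) TEXT('Payroll objects')

/* 2. Each user is given authority to the list independently */
/*    (the "User must be assigned authority independently" row). */
ADDAUTLE AUTL(PAYAUTL) USER(PAYCLERK) AUT(*USE)

/* 3. Library-based objects: make the list the library's create authority. */
CHGLIB LIB(PAYLIB) CRTAUT(PAYAUTL)

/* 4. An object created with AUT(*LIBCRTAUT) picks up PAYAUTL. */
CRTDTAARA DTAARA(PAYLIB/RATES) TYPE(*CHAR) LEN(50) AUT(*LIBCRTAUT)

/* 5. Verify: the display should name PAYAUTL as the authorization list. */
DSPOBJAUT OBJ(PAYLIB/RATES) OBJTYPE(*DTAARA)

/* 6. Directory-based objects: secure the parent directory with the list. */
CHGAUT OBJ('/paydata') AUTL(PAYAUTL)

/* 7. *INDIR makes the new directory inherit the parent's authority, */
/*    so the same list secures both directories. */
MKDIR DIR('/paydata/reports') DTAAUT(*INDIR) OBJAUT(*INDIR)

/* 8. Verify the authorization list on the new directory. */
DSPAUT OBJ('/paydata/reports')

/* 9. Group profile counterpart (note 1): objects PAYCLERK creates and */
/*    owns give PAYGRP *CHANGE. GRPAUT requires OWNER(*USRPRF). */
CHGUSRPRF USRPRF(PAYCLERK) GRPPRF(PAYGRP) OWNER(*USRPRF) GRPAUT(*CHANGE)
```

Running the verification steps (5 and 8) after any change to a library's CRTAUT value or a parent directory's authorization list confirms that newly created objects are covered by the intended list rather than by a leftover default.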