An Authorization List is a special system-level object that resides in the QSYS library with object type *AUTL. It defines user authority for objects that belong to the list. When an object is created, rather than creating individual private authorities to the object, just associate it with the appropriate Authorization List. The List, in turn, will control individual and *PUBLIC authority to all of the objects in the list. Your system can contain multiple Authorization Lists and it is recommended that they be created along application boundaries. So, one list could be used for Payroll while another list can be used for Inventory, and so on.
To get started with an Authorization List:
To work with Lists:
Remember that a private authority to an object will override the authority provided by the Authorization List. And a private authority will also override a group profile setup.
To audit authorization lists:
DSPAUTLOBJ AUTL(myautl) OUTPUT(*OUTFILE)
OUTFILE(QTEMP/AUTLOBJS)
Substitute the name of your Authorization List where you see "myautl"
DSPOBJD OBJ(mylibrary/*ALL) OBJTYPE(*ALL) OUTPUT(*OUTFILE)
OUTFILE(QTEMP/LIBOBJS)
If you then want to add more objects from another library, use the following command format:
DSPOBJD OBJ(mylibrary2/*ALL) OBJTYPE(*ALL) OUTPUT(*OUTFILE)
OUTFILE(QTEMP/LIBOBJS) OUTMBR(*FIRST *ADD)
Once both databases have created use an ad-hoc query reporting tool to match the two databases and generate a control report. For example, create a report to list the library name, object name, object type and object text description. The primary file in the query is the list of objects in the library and the list of objects from the Authorization List is the secondary file. For the key matching, select the library name, object name and object type as they should be unique. For the type of match, select the 3rd option that shows as "Unmatched records with primary file". This will end up only printing those objects that are in the library but are not secured by the Authorization List.
Our product iSecMap includes built-in support to audit authorization lists.