Authorization lists are useful for granting a fixed group of authorities to many similar objects. Often objects of the same type in the same application can be secured with the same directives. Authorization lists allow a system administrator to specify security for a large number of objects in a single place. This greatly simplifies the management of security. With authorization lists any new object that is created can then be added to an existing authorization list thereby instantly defining the access rights for hundreds of users.
A good use of an authority list would be to give all users of an application *USE authority to all of the programs in an applications program library. *USE authority gives the user the ability to execute the program, but does not allow the user to change, move, or delete the programs. If there are 1000 users of that application, and a new program is added to the authorization list, instantly all 1000 users have the authority to use the program.
Review the use of authorization lists.
Create authorization lists for Production data and Production programs. Grant end users *USE authority to the programs and *CHANGE authority to the data. Maintain application security through these authorization lists for simplicity.
Use the Compliance Monitor 'Auth List Object Authority Information' report (in the 'Object' group of reports) for a complete list of authorization lists on the system and who belongs to them.
In the example screenshot below, a console filter has been applied so that only the POWERABADM authorization list (used to control access to PowerTech Authority Broker) is displayed.
© 2010 The PowerTech Group, Inc.
All Rights Reserved