asked on

Removing the User from Object Authorization List

Dear Team,

We have tried through RVKOBJAUT,
But what we want exactly is to remove the user completely from the List.
I have tried the solution which you have given, but that is not the exact solution we are looking for. I am attaching the screen shots, from which you can find the problem easily,
Please refer the screen shot.

When object is under lock, is it possible to remove or grant Authorities?

thanks
Bsid team
Doc1.doc

Gary Patterson, CISSP

1) You must obtain an exclusive lock in order to change object authorities.

2) Since you have assigned *EXCLUDE to this user, you need to revoke AUT(*EXCLUDE). You are trying to remove *DLT authority in the example: That isn't going to do much for you since the user doesn't have *DLT authority to the object in the first place.

GRTOBJAUT grants authorities and adds the user to the access list if they aren't already on it.
RVKOBJAUT removes object and data authorities. The user is only removed from the object's access list if -all- of that user's authorites have been removed.

- Gary Patterson

daveslater

Hi
use the RMVAUTLE command

dave

Barry Harper

Authorization lists are a good idea, because they allow you to change authorities without having to allocate the object itself.

One technique to get the lock you need is to submit the command to batch on hold. Then change the job's default wait time to *NOMAX (or a high value) and release the job. You will then get the lock required if it is released.

Barry

ASKER CERTIFIED SOLUTION

Gary Patterson, CISSP

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial