Removing the User from Object Authorization List

Posted on 2009-04-24
Last Modified: 2012-05-06
Dear Team,

We have tried RVKOBJAUT, but what we want exactly is to remove the user completely from the list.
I have tried the solution which you have given, but that is not the exact solution we are looking for. I am attaching the screenshots, from which you can find the problem easily.
Please refer to the screenshot.

When an object is under lock, is it possible to remove or grant authorities?

Bsid team
Question by:Bsidmis
    LVL 34

    Expert Comment

    by:Gary Patterson
    1) You must obtain an exclusive lock in order to change object authorities.

    2) Since you have assigned *EXCLUDE to this user, you need to revoke AUT(*EXCLUDE).  You are trying to remove *DLT authority in the example: That isn't going to do much for you since the user doesn't have *DLT authority to the object in the first place.

    • GRTOBJAUT grants authorities and adds the user to the access list if they aren't already on it.
    • RVKOBJAUT removes object and data authorities.  The user is only removed from the object's access list if -all- of that user's authorities have been removed.
    - Gary Patterson

    LVL 14

    Expert Comment

    use the RMVAUTLE command

    LVL 13

    Expert Comment

    Authorization lists are a good idea, because they allow you to change authorities without having to allocate the object itself.

    One technique to get the lock you need is to submit the command to batch on hold. Then change the job's default wait time to *NOMAX (or a high value) and release the job. You will then get the lock required if it is released.

    LVL 34

    Accepted Solution

    dave: Bsidmis is not using an authorization list in the Word document, so RMVAUTLE won't help.  Needs to use RVKOBJAUT AUT(*EXCLUDE) in this particular case.

    I think there is some confusion on Bsidmis's part about the term "authorization list".  It is being used here (incorrectly) to refer to the list of object authorities.

    Bsidmis:  The term "authorization list" refers to a special AS/400 object used to grant identical authorities to a group of objects.  I would suggest you refer to the list of authorities in your example as "the list of object authorities" - it is confusing when you use the term "authorization list" since it means something specific that has nothing to do with your question.

    - Gary Patterson
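
The sequence described in the answers above (get an exclusive lock, revoke *EXCLUDE, confirm the entry is gone), written as a CL program. This is an added example, not code posted by anyone in the thread; the parameter names, the 300-second wait and the *FILE object type are assumptions.

```cl
/* Added example, not from the thread. &LIB, &OBJ and &USR are      */
/* placeholder parameters; *FILE is an assumed object type.         */
PGM        PARM(&LIB &OBJ &USR)
  DCL        VAR(&LIB) TYPE(*CHAR) LEN(10)
  DCL        VAR(&OBJ) TYPE(*CHAR) LEN(10)
  DCL        VAR(&USR) TYPE(*CHAR) LEN(10)

  /* Authority changes need an exclusive lock: wait up to 300       */
  /* seconds for other jobs to release the object.                  */
  ALCOBJ     OBJ((&LIB/&OBJ *FILE *EXCL)) WAIT(300)
  MONMSG     MSGID(CPF1002) EXEC(DO)
    SNDPGMMSG  MSG('Object still locked; authorities not changed.')
    RETURN
  ENDDO

  /* The user's only entry is *EXCLUDE, so that is what must be     */
  /* revoked. Revoking *DLT does nothing when the user never held   */
  /* it. Once no authorities remain, the user drops off the list.   */
  RVKOBJAUT  OBJ(&LIB/&OBJ) OBJTYPE(*FILE) USER(&USR) AUT(*EXCLUDE)
  MONMSG     MSGID(CPF0000) EXEC(SNDPGMMSG +
               MSG('RVKOBJAUT failed; see the job log.'))

  /* Release the lock whether or not the revoke succeeded.          */
  DLCOBJ     OBJ((&LIB/&OBJ *FILE *EXCL))

  /* Print the remaining object authorities to verify the user no   */
  /* longer appears.                                                */
  DSPOBJAUT  OBJ(&LIB/&OBJ) OBJTYPE(*FILE) OUTPUT(*PRINT)
ENDPGM
```

With the entry removed, the user's access falls back to *PUBLIC or group-profile authority, so check those entries in the printed list as well.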

