[Last Call] Learn how to a build a cloud-first strategyRegister Now


Removing the User from Object Authorization List

Posted on 2009-04-24
Medium Priority
Last Modified: 2012-05-06
Dear Team,

We have tried through RVKOBJAUT,
But what we want exactly is to remove the user completely from the List.
I have tried the solution which you have given, but that  is not the exact solution we are looking for. I am attaching the screen shots, from which you can find the problem easily,
Please refer the screen shot.

When object is under lock, is it possible to remove or grant Authorities?

Bsid team
Question by:Bsidmis
  • 2
LVL 36

Expert Comment

by:Gary Patterson
ID: 24222647
1) You must obtain an exclusive lock in order to change object authorities.

2) Since you have assigned *EXCLUDE to this user, you need to revoke AUT(*EXCLUDE).  You are trying to remove *DLT authority in the example: That isn't going to do much for you since the user doesn't have *DLT authority to the object in the first place.

  • GRTOBJAUT grants authorities and adds the user to the access list if they aren't already on it.
  • RVKOBJAUT removes object and data authorities.  The user is only removed from the object's access list if -all- of that user's authorites have been removed.
- Gary Patterson

LVL 14

Expert Comment

ID: 24224040
use the RMVAUTLE command

LVL 13

Expert Comment

ID: 24230068
Authorization lists are a good idea, because they allow you to change authorities without having to allocate the object itself.

One technique to get the lock you need is to submit the command to batch on hold. Then change the job's default wait time to *NOMAX (or a high value) and release the job. You will then get the lock required if it is released.

LVL 36

Accepted Solution

Gary Patterson earned 1500 total points
ID: 24230686
dave: Bsidmis is not using an authorization list in the Word document, so RMVAUTLE won't help.  Needs to use RVKOBJAUT AUT(*EXCLUDE) in this particular case.

I think there is some confusion on Bsidmis's part about the term "authorization list".  It is being used here (incorrectly) to refer to the list of object authorities.

Bsidmis:  The term "authorization list" refers to a special AS/400 object used to grant identical authorities to a group of objects.  I would suggest you refer to the list of authorities in your example as "the list of object authorities" - it is confusing when you use the term "authorization list" since it means something specific that has noting to do with your question.

- Gary Patterson


Featured Post

Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This shares a stored procedure to retrieve permissions for a given user on the current database or across all databases on a server.
Sometimes MS breaks things just for fun... In Access 2003, only the maximum allowable SQL string length could cause problems as you built a recordset. Now, when using string data in a WHERE clause, the 'identifier' maximum is 128 characters. So, …
Please read the paragraph below before following the instructions in the video — there are important caveats in the paragraph that I did not mention in the video. If your PaperPort 12 or PaperPort 14 is failing to start, or crashing, or hanging, …
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …
Suggested Courses

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question