Restricting read/write operations to files

Barry Harper
Barry Harper used Ask the Experts™
Display File Description DSPFD shows:  
Allow read operation  . . . . . . . . . . . :            Yes    
Allow write operation . . . . . . . . . . . :            Yes    
Allow update operation  . . . . . . . . . . : ALWUPD     *NO    
Allow delete operation  . . . . . . . . . . : ALWDLT     *NO    

The last two parameters area set using Create Physical File CRTPF; how are the first two set?

Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
read / write are file fundamentals - it is what files are for hence will always be there.
a write operation will be disabled on a join logical as will update and delete.
a read operation I have no idea!

VP Technology / Senior Consultant
You need to use object authority if you want to limit the users who can read or write a file.

Use DSPOBJAUT and EDTOBJAUT commands to view view and edit authorities for a single object.
Use GRTOBJAUT to set authorities for a group of objects.

Note that just like in Windows, it is the best practice to set up group profile, assign users to member of groups, and assign object rights to group profiles.  If you have a large number of objects that all require identical settings, you would create an authorization list (CRTAUTL), assign rights to each group, and then attach that authorization list to each object.

The Security Reference for your OS version explains IBM i security in detail.  Search "IBM i Security Reference VxRy", where x and y are the version and release that you are running.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial