PMS Information Systems
Welcome to PMS Information Systems - IBM i (AS/400) Forum !!!

Get Answers for all your queries on IBM i (AS/400).

Are Group Profiles or Authorization Lists Better?

Go down

Are Group Profiles or Authorization Lists Better?

Post  maran on Mon May 13, 2013 11:34 am

It’s not a matter of one being better than the other. It’s a matter of using the one that makes the most sense for the problem we’re trying to solve. If we have several profiles that all require the same authorities, we’ll want to put them in a group and authorize the group. Additionally, group profiles are the way to implement role-based access on IBM i. Create a group to represent a role, authorize the group according to the tasks required by the tasks this role must perform and then add the users who perform this role to the group.

Authorization lists let us authorize numerous objects in the same way. For example, if users need the same authority to several files, we can secure the files with an authorization list, then grant the users authority (for example *USE) to the list. The user now has *USE authority to any file secured by the authorization list. We often use a combination of authorization lists and groups. For example, an accounts receivable application has a set of files the accounting manager role is allowed to download. we secure those files with an authorization list, then grant the group profile representing the Accounting Manager role *USE authority to the authorization list. When another person is hired in that role, we can simply add them to the Accounting Manager group and they automatically have authority to the files they need.

Posts : 442
Join date : 2009-07-24

View user profile

Back to top Go down

Back to top

- Similar topics

Permissions in this forum:
You cannot reply to topics in this forum