Fine-tuning user authorizations

Discussion created by Antoine_Sauteron_1266 on Jul 21, 2016
Latest reply on Jul 18, 2017 by Julia_Buchner_9324
User authorizations will allow you to set object-related permissions. For instance, if I want the user TESTSAA to only able to run all JOBS with login object @LOGIN.SAA, but not edit them or modify them, I will need to set the permissions as below :

  • JOBS : Name '*' for all names and 'X' for execution authorization.
  • FOLD: here '*' with read (R) permission for all folders. I could as well restrict the folders that can be seen by this user, by setting their names, or using a wildcard (e.g. FOLD* would allow the user to read FOLDER1, FOLDER2, FOLDER.TEST, etc.)
  • JOBI: by default jobs contain a job include (JOBI) object, like HEADER.UNIX and HEADER.WINDOWS. Without permissions on at least these objects it will not be possible to run jobs that use theseincludeobjects.
  • LOGIN: usually a job will require a login object to be executed.
These can be adjusted either at the user or the user group level.