5.2.3 The Special *PUBLIC User
When allowing or disallowing access to an object it is very difficult to nominate specific access rights for each and every IBM i user profile. To avoid having to do this a 'special' user profile of *PUBLIC can be used.
The *PUBLIC user profile means 'any other IBM i user' not specifically mentioned in the list of authorized users. Thus if a file had the following security information associated with it:
|
User |
Def: Use |
Def: Mod |
Def: Dlt |
Data: R |
Data: A |
Data: C |
Data: D |
|
QPGMR |
X |
X |
X |
X |
X |
X |
X |
|
QSECOFR |
X |
X |
X |
X |
X |
X |
X |
|
QSYSOPR |
X |
|
|
X |
X |
X |
X |
|
QUSER |
|
|
|
|
|
|
|
|
*PUBLIC |
X |
|
|
X |
|
|
|
It can be seen that:
- Users QPGMR and QSECOFR have full rights to the file.
- User QSYSOPR can read, change, update and delete records in the file but cannot modify or delete the file definition.
- User QUSER has no rights at all to the file
- Any other user (*PUBLIC) can read information from the file.