In this module, we will delve into the critical aspects of security and permissions in Control Language (CL). Understanding how to manage security and permissions is essential for maintaining the integrity and confidentiality of your system and data.

Key Concepts

  1. User Profiles: Define the identity of users and their access rights.
  2. Object Authority: Control access to objects such as files, programs, and libraries.
  3. Authorization Lists: Group objects and assign permissions collectively.
  4. Adopted Authority: Temporarily elevate permissions for specific tasks.
  5. Security Levels: System-wide settings that enforce security policies.

User Profiles

User profiles are the foundation of security in CL. They define who can access the system and what they can do.

Creating a User Profile

CRTUSRPRF USRPRF(USER1) PASSWORD('password') USRCLS(*USER) TEXT('Standard User Profile')
  • USRPRF: Specifies the user profile name.
  • PASSWORD: Sets the initial password.
  • USRCLS: Defines the user class (e.g., *USER, *SECADM).
  • TEXT: Provides a description of the user profile.

Modifying a User Profile

CHGUSRPRF USRPRF(USER1) STATUS(*DISABLED)
  • CHGUSRPRF: Command to change user profile attributes.
  • STATUS(*DISABLED): Prevents sign-on with the profile until it is re-enabled with STATUS(*ENABLED); the profile and its authorities are kept.

Object Authority

Object authority determines what actions a user can perform on an object.

Granting Object Authority

GRTOBJAUT OBJ(MYLIB/MYFILE) OBJTYPE(*FILE) USER(USER1) AUT(*ALL)
  • GRTOBJAUT: Grants authority to an object.
  • OBJ: Specifies the library-qualified object name (MYLIB/MYFILE is a placeholder). GRTOBJAUT does not take integrated file system paths; objects addressed by path are secured with CHGAUT.
  • OBJTYPE: Defines the type of object (e.g., *FILE, *PGM).
  • USER: Indicates the user receiving the authority.
  • AUT: Specifies the type of authority (e.g., *ALL, *USE, *CHANGE).

Revoking Object Authority

RVKOBJAUT OBJ(MYLIB/MYFILE) OBJTYPE(*FILE) USER(USER1) AUT(*ALL)
  • RVKOBJAUT: Revokes the named authority from USER1 on the object; the same library-qualified object naming applies.

Authorization Lists

Authorization lists simplify the management of permissions by grouping objects.

Creating an Authorization List

CRTAUTL AUTL(AUTL1) TEXT('Authorization List for Project X')
  • CRTAUTL: Creates an authorization list.
  • AUTL: Specifies the authorization list name.
  • TEXT: Provides a description.

Adding Objects to an Authorization List

GRTOBJAUT OBJ(MYLIB/MYFILE) OBJTYPE(*FILE) AUTL(AUTL1)
ADDAUTLE AUTL(AUTL1) USER(USER1) AUT(*USE)
  • GRTOBJAUT with AUTL: Secures the object by the authorization list, so the list's entries decide who may access the object.
  • ADDAUTLE: Adds a user entry (a user and the authority it receives) to the list. It does not add objects; objects are attached to the list with GRTOBJAUT, or with CHGAUT for integrated file system paths.

Adopted Authority

Adopted authority allows a program to run with the authority of the program owner in addition to the authority of the user calling it.

Creating a Program with Adopted Authority

CRTPGM PGM(MYLIB/MYPGM) USRPRF(*OWNER)
  • CRTPGM: Creates a program.
  • USRPRF(*OWNER): Makes the program run with its owner's authority while it is active. Programs it calls also run with that adopted authority unless they were created or changed with USEADPAUT(*NO), so an adopting program should call only trusted programs.

Security Levels

Security levels enforce system-wide security policies.

Setting the Security Level

CHGSYSVAL SYSVAL(QSECURITY) VALUE('40')
  • CHGSYSVAL: Changes a system value.
  • SYSVAL: Specifies the system value to change (QSECURITY).
  • VALUE: Sets the security level (e.g., 20, 30, 40, 50). A change to QSECURITY takes effect at the next IPL.

Practical Exercise

Exercise: Managing User Permissions

  1. Create a User Profile: Create a user profile named DEVUSER with a password devpass and user class *USER.
  2. Grant Object Authority: Grant DEVUSER *USE authority to a file /home/dev/file.txt.
  3. Create an Authorization List: Create an authorization list DEVLIST and add the file /home/dev/file.txt to it.
  4. Set Adopted Authority: Create a program MYLIB/DEVPGM that adopts the owner's authority.

Solution

-- Step 1: Create a User Profile
CRTUSRPRF USRPRF(DEVUSER) PASSWORD('devpass') USRCLS(*USER) TEXT('Developer User Profile')

-- Step 2: Grant Object Authority
-- /home/dev/file.txt is an integrated file system path, so CHGAUT is used
-- instead of GRTOBJAUT; DTAAUT(*RX) OBJAUT(*NONE) is the IFS form of *USE
CHGAUT OBJ('/home/dev/file.txt') USER(DEVUSER) DTAAUT(*RX) OBJAUT(*NONE)

-- Step 3: Create an Authorization List and secure the file with it
CRTAUTL AUTL(DEVLIST) TEXT('Developer Authorization List')
CHGAUT OBJ('/home/dev/file.txt') AUTL(DEVLIST)

-- Step 4: Set Adopted Authority
CRTPGM PGM(MYLIB/DEVPGM) USRPRF(*OWNER)
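The adopted-authority section and Step 4 above only show the compile option; the CL program below is an added example (not part of this module) of what an adopting program should look like in practice: one privileged command, a fail-closed check on the target, and the program object itself locked down so only an intended group can call it. MYLIB, DSBUSR, QCLSRC and HELPDESK are assumed names.

```cl
/* DSBUSR - disable a user profile under adopted authority.               */
/* Added example; not part of the original module. MYLIB, DSBUSR,         */
/* QCLSRC and HELPDESK are assumed names.                                 */
/*                                                                        */
/* Build it to adopt the owner's authority, then restrict who may call it:*/
/*   CRTBNDCL PGM(MYLIB/DSBUSR) SRCFILE(MYLIB/QCLSRC) USRPRF(*OWNER)      */
/*   GRTOBJAUT OBJ(MYLIB/DSBUSR) OBJTYPE(*PGM) USER(*PUBLIC) AUT(*EXCLUDE)*/
/*   GRTOBJAUT OBJ(MYLIB/DSBUSR) OBJTYPE(*PGM) USER(HELPDESK) AUT(*USE)   */
/* The owner needs *SECADM special authority for CHGUSRPRF to succeed.    */
             PGM        PARM(&TARGET)
             DCL        VAR(&TARGET) TYPE(*CHAR) LEN(10)
             DCL        VAR(&CALLER) TYPE(*CHAR) LEN(10)
             DCL        VAR(&CLS)    TYPE(*CHAR) LEN(10)

/* Adoption does not change the job user, so this is the real caller.    */
             RTVJOBA    USER(&CALLER)

/* Fail closed if the target profile does not exist or cannot be read.    */
             RTVUSRPRF  USRPRF(&TARGET) USRCLS(&CLS)
             MONMSG     MSGID(CPF0000) EXEC(DO)
                SNDPGMMSG  MSGID(CPF9898) MSGF(QCPFMSG) +
                           MSGDTA('Cannot access profile' *BCAT &TARGET) +
                           MSGTYPE(*ESCAPE)
             ENDDO

/* Never let adopted authority be used to lock out security staff.        */
             IF         COND(&CLS *EQ '*SECOFR' *OR &CLS *EQ '*SECADM') +
                        THEN(DO)
                SNDPGMMSG  MSGID(CPF9898) MSGF(QCPFMSG) +
                           MSGDTA('Refusing to disable' *BCAT &TARGET) +
                           MSGTYPE(*ESCAPE)
             ENDDO

/* The privileged action itself, kept to exactly one command.             */
             CHGUSRPRF  USRPRF(&TARGET) STATUS(*DISABLED)
             MONMSG     MSGID(CPF0000) EXEC(DO)
                SNDPGMMSG  MSGID(CPF9898) MSGF(QCPFMSG) +
                           MSGDTA('CHGUSRPRF failed for' *BCAT &TARGET) +
                           MSGTYPE(*ESCAPE)
             ENDDO

/* Leave a record of who did what; the audit journal QAUDJRN also logs   */
/* the profile change when QAUDLVL includes *SECURITY.                    */
             SNDMSG     MSG('Profile' *BCAT &TARGET *BCAT 'disabled by' +
                          *BCAT &CALLER) TOUSR(*SYSOPR)
             ENDPGM
```

Because the adopted authority is only present while DSBUSR is on the call stack, a caller who is merely authorized to the program gains nothing beyond the single action the program performs.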

Common Mistakes and Tips

  • Mistake: Forgetting to specify the correct object type when granting or revoking authority.
    • Tip: Always double-check the object type to ensure the command applies correctly.
  • Mistake: Not setting a strong password for user profiles.
    • Tip: Use complex passwords and enforce password policies to enhance security.

Conclusion

In this module, we covered the essential aspects of security and permissions in CL, including user profiles, object authority, authorization lists, adopted authority, and security levels. By mastering these concepts, you can effectively manage access and maintain the security of your system. In the next module, we will explore interfacing with other systems, which will build on the security foundations we've established here.

© Copyright 2024. All rights reserved