When allowing or disallowing access to an object it is very difficult to nominate specific access rights for each and every IBM i user profile. To avoid having to do this a 'special' user profile of *PUBLIC can be used.
The *PUBLIC user profile means 'any other IBM i user' not specifically mentioned in the list of authorized users. Thus if a file had the following security information associated with it:
User | Def: Use | Def: Mod | Def: Dlt | Data: R | Data: A | Data: C | Data: D |
|---|---|---|---|---|---|---|---|
QPGMR | X | X | X | X | X | X | X |
QSECOFR | X | X | X | X | X | X | X |
QSYSOPR | X | X | X | X | X | ||
QUSER | |||||||
*PUBLIC | X | X |
It can be seen that:
- Users QPGMR and QSECOFR have full rights to the file.
- User QSYSOPR can read, change, update, and delete records in the file but cannot modify or delete the file definition.
- User QUSER has no rights at all to the file
- Any other user (*PUBLIC) can read information from the file.