5.2.3 The Special *PUBLIC User
When allowing or disallowing access to an object it is very difficult to nominate specific access rights for each and every IBM i user profile. To avoid having to do this a 'special' user profile of *PUBLIC can be used.
The *PUBLIC user profile means 'any other IBM i user' not specifically mentioned in the list of authorized users. Thus if a file had the following security information associated with it:
User
|
Def: Use
|
Def: Mod
|
Def: Dlt
|
Data: R
|
Data: A
|
Data: C
|
Data: D
|
QPGMR
|
X
|
X
|
X
|
X
|
X
|
X
|
X
|
QSECOFR
|
X
|
X
|
X
|
X
|
X
|
X
|
X
|
QSYSOPR
|
X
|
|
|
X
|
X
|
X
|
X
|
QUSER
|
|
|
|
|
|
|
|
*PUBLIC
|
X
|
|
|
X
|
|
|
|
|
It can be seen that:
- Users QPGMR and QSECOFR have full rights to the file.
- User QSYSOPR can read, change, update and delete records in the file but cannot modify or delete the file definition.
- User QUSER has no rights at all to the file
- Any other user (*PUBLIC) can read information from the file.