The following examples illustrate how the group profile support works with product authority. The authorization levels to MIMIX products are, in descending order, as follows:
*ADM (administrator)
*MGT (management)
*OPR (operator)
*DSP (display)
*EXCL (exclude)
These examples use the following assumptions:
*PUBLIC access has been granted *DSP authority to a MIMIX product
Group profile GRPA has *ADM authority to the same product
Group profile GRPM has *MGT authority to the same product
Group profile GRPO has *OPR authority to the same product
Case 1: Default authority User profile USERA has no associated group profiles and does not have a specific security entry for the MIMIX product. USERA is granted *DSP authority to the product because that is the *PUBLIC authority level.
Case 2: Specific user authority User profile USERB has no associated group profiles but there is a specific security entry for the product specifying authority level *EXCL for USERB. USERB is granted *EXCL authority (in this case, denied access to the product).
Case 3: User in multiple groups (1) User profile USERC has no specific security entry, but is a member of both group profiles GRPA and GRPO. Because the highest authorization level for GRPA, GRPO, and *PUBLIC is the *ADM authority associated with group profile GRPA, USERC is granted *ADM authority to the MIMIX product.
Case 4: User in multiple groups (2) User profile USERD has no specific security entry, but is a member of both group profiles GRPM and GRPR. Group profile GRPR does not have a specific security entry. Because the highest authorization level for GRPM and *PUBLIC is the *MGT authority associated with group profile GRPM, USERD is granted *MGT authority to the MIMIX product.
Case 5: User in multiple groups (3) User profile USERE has no specific security entry, but is a member of both group profiles GRPQ and GRPR. Because neither of these group profiles has a specific security entry, USERE is granted *DSP authority (the *PUBLIC authority level) to the product.
Case 6: Attempting to exclude a group of users User profile USERF has no specific security entry but is a member of group profile BADDY. There is a security entry for group profile BADDY which is set to *EXCL authority to the MIMIX product. Because the highest authorization level for BADDY and *PUBLIC is *DSP, USERF is granted *DSP authority to the MIMIX product. Users must be specifically excluded from using a MIMIX product.