Editing the Authority on a Key Store

To edit the authority on a Key Store, you must have authority to the EDTOBJAUT command and must have *OBJMGT rights to the Validation List object.

Do the following steps to edit the authority on a Validation List object that contains a Key Store:

  1. Enter the command EDTOBJAUT OBJ(library/vldlist) OBJTYPE(*VLDL), where library is the name of the library that contains the Validation List and vldlist is the name of the Key Store Validation List.
  2. Specify the authorities for the object.
  3. Press Enter after the authorities are entered.

Authority recommendations for Key Store Validation List (*VLDL) objects:

  • Grant *PUBLIC *USE authority. Also ensure that *PUBLIC has at least *USE authority to the library that contains the Key Store.
  • Grant *CHANGE authority only to those users (Key Officers) who are allowed to create new Data Encryption Keys (DEKs) in the Key Store.

NOTE: If a user attempts to access an unauthorized Key Store through Powertech Encryption for IBM i’s screens or APIs, that authority error will be logged to an audit file.
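
The recommendations above can also be applied without the interactive EDTOBJAUT screen, which makes the change repeatable and easy to review. The CL program below is an added example, not part of the product documentation; it uses the standard IBM i commands GRTOBJAUT and DSPOBJAUT, and the names KEYLIB, KEYSTORE1 and KEYOFR1 are assumed placeholders for your library, Key Store Validation List and Key Officer profile.

```cl
/* Added example. KEYLIB, KEYSTORE1 and KEYOFR1 are assumed names:   */
/*   KEYLIB    = library that contains the Key Store                 */
/*   KEYSTORE1 = Key Store Validation List (*VLDL)                   */
/*   KEYOFR1   = user profile of a Key Officer                       */
PGM

  /* *PUBLIC needs at least *USE to the library holding the Key      */
  /* Store. REPLACE is left at its default so that existing          */
  /* authority is added to rather than replaced.                     */
  GRTOBJAUT  OBJ(KEYLIB) OBJTYPE(*LIB) USER(*PUBLIC) AUT(*USE)

  /* Set *PUBLIC to exactly *USE on the Key Store. REPLACE(*YES)     */
  /* removes any broader public authority (for example *CHANGE)      */
  /* that may have been granted earlier.                             */
  GRTOBJAUT  OBJ(KEYLIB/KEYSTORE1) OBJTYPE(*VLDL) +
               USER(*PUBLIC) AUT(*USE) REPLACE(*YES)

  /* Only Key Officers, who create new DEKs, receive *CHANGE.        */
  /* Repeat this command for each Key Officer profile.               */
  GRTOBJAUT  OBJ(KEYLIB/KEYSTORE1) OBJTYPE(*VLDL) +
               USER(KEYOFR1) AUT(*CHANGE) REPLACE(*YES)

  /* Print the resulting authorities so the change can be reviewed   */
  /* and kept as evidence. Any user other than a Key Officer listed  */
  /* with more than *USE should be investigated.                     */
  DSPOBJAUT  OBJ(KEYLIB/KEYSTORE1) OBJTYPE(*VLDL) OUTPUT(*PRINT)

ENDPGM
```

GRTOBJAUT only changes the users named on each command, so private authorities held by other profiles remain in place; the DSPOBJAUT listing is where those show up.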

For a complete discussion regarding using Key Store Authority and Authorization Lists to control encryption and decryption, see Controlling Access to Decrypted Values.