All-Object Authority (*ALLOBJ) : This is the most powerful authority on any AS400 system. This authority grants the user complete access to everything on the system. A user with All-Object Authority cannot be controlled.

Service Authority (*SERVICE) : Service Authority provides the user with the ability to change system hardware and disk configurations, to sniff network traffic and to put programs into debug mode (troubleshooting mode) and see their internal workings. The system services tools include the ability to trace systems functions and to patch and alter user made and IBM delivered programs on disk

manipulate data on disk.

Save and Restore Authority (*SAVSYS) : This authority allows the user to backup and restore objects. The user need not have authority to those objects. The risk with SAVSYS Authority is that a user with this authority can save all objects (including the most sensitive files) to disk (save file), delete any object (with the Free Storage option), restore the file to an alternate library, and then view and alter the information. Should the user alter the information, they would have the ability to replace the production object with

their saved version.

System Configuration Authority (*IOSYSCFG) : System communication configuration authority can also be used to set up nearly invisible access from the outside as a security officer -- without needing a password. System Configuration Authority provides the ability to configure and change communication configurations (e.g. lines, controllers, devices), including the system's TCP/IP and Internet connection information.

Spool Control Authority (*SPLCTL) : Spool Control authority gives the user read and modify all spooled objects (reports, job queue entries, etc.) on your system. The user may hold, release and clear job and output queues, even if they are not authorized to those queues.

Security Administrator Authority (*SECADM) : Security Administrator grants the authority to create, change and delete user ID?s. This authority should be reserved to essential administration personnel only.

Job Control Authority (*JOBCTL) : Job Control Authority can be used to power down the system or toterminate subsystems or individual jobs at any time, even during critical operational periods. Job Control Authority provides the capability to control other user?s jobs as well as their spooled files and printers.

Audit Authority (*AUDIT) : Audit Authority puts a user in control of the system auditing functions. Such a user can manipulate the system values that control auditing and control user and object auditing. These users could also turn off auditing for sensitive objects in an effort to obscure certain actions