OBJECT_PRIVILEGES table function

The OBJECT_PRIVILEGES table function returns a row for every user authorized to the specified object, along with their associated object and data authorities.

The information returned is similar to the information available through the Display Object Authority (DSPOBJAUT) CL command.

Authorization: All authorized users are returned for an object when at least one of the following is true:

The caller has *OBJMGT authority.
The caller is the owner of the object.
The object is an authorization list.
The caller is authorized to the QIBM_DB_SECADM function usage identifier.

Otherwise, only authorizations for the caller are returned.

The schema is QSYS2.

system-object-schema: A character or graphic string expression that identifies the library that contains system-object-name.
system-object-name: A character or graphic string expression that identifies the object.
object-type: A character or graphic string expression that specifies the system object type of system-object-name.

The result of the function is a table containing rows with the format shown in the following table. All columns are nullable.

Table 1. OBJECT_PRIVILEGES table function
Column name	Data type	Description
AUTHORIZATION_USER	VARCHAR(10)	User profile name. Can contain the following special value. *PUBLIC This row contains the public authority for the object.
OBJECT_AUTHORITY	VARCHAR(12)	The authority that the user has to the object. Contains one of the following special values: ALL Allows all operations on the object except those that are limited to the owner or controlled by authorization list management authority. AUTL The public authority specified in the authorization list used by this object is used. CHANGE Allows all operations on the object except those that are limited to the owner or controlled by object existence authority, object alter authority, object reference authority, and object management authority. EXCLUDE All operations on the object are prohibited. *USE Allows access to the object attributes and use of the object. The user cannot change the object. USER DEFINED The specific object authorities and data authorities do not match any of the predefined object authority levels.
AUTHORIZATION_LIST	VARCHAR(10)	The name of the authorization list if the object is secured by an authorization list. Contains null if the object is not secured by an authorization list.
PRIMARY_GROUP	VARCHAR(10)	The user who is the primary group for the object. Returns the null value if there is no primary group for the object.
OWNER	VARCHAR(10)	The user profile that owns the object.
AUTHORIZATION_LIST_MANAGEMENT	VARCHAR(3)	The authorization list management authority for AUTHORIZATION_USER. NO The user does not have this authority. YES The user has this authority.
OBJECT_OWNER	VARCHAR(3)	Indicates whether the AUTHORIZATION_USER for this row is also the OWNER of the object. NO AUTHORIZATION_USER is not the owner of the object. YES AUTHORIZATION_USER is the owner of the object.
OBJECT_OPERATIONAL	VARCHAR(3)	Indicates the object operational authority for AUTHORIZATION_USER. NO The user does not have this authority. YES The user has this authority.
OBJECT_MANAGEMENT	VARCHAR(3)	The object management authority for AUTHORIZATION_USER. NO The user does not have this authority. YES The user has this authority.
OBJECT_EXISTENCE	VARCHAR(3)	The object existence authority for AUTHORIZATION_USER. NO The user does not have this authority. YES The user has this authority.
OBJECT_ALTER	VARCHAR(3)	The object alter authority for AUTHORIZATION_USER. NO The user does not have this authority. YES The user has this authority.
OBJECT_REFERENCE	VARCHAR(3)	The object reference authority for AUTHORIZATION_USER. NO The user does not have this authority. YES The user has this authority.
DATA_READ	VARCHAR(3)	The data read authority for AUTHORIZATION_USER. NO The user does not have this authority. YES The user has this authority.
DATA_ADD	VARCHAR(3)	The data add authority for AUTHORIZATION_USER. NO The user does not have this authority. YES The user has this authority.
DATA_UPDATE	VARCHAR(3)	The data update authority for AUTHORIZATION_USER. NO The user does not have this authority. YES The user has this authority.
DATA_DELETE	VARCHAR(3)	The data delete authority for AUTHORIZATION_USER. NO The user does not have this authority. YES The user has this authority.
DATA_EXECUTE	VARCHAR(3)	The data execute authority for AUTHORIZATION_USER. NO The user does not have this authority. YES The user has this authority.

Example

Return authority information for the file APPLIB/EMPLOYEE.

SELECT *
   FROM TABLE(QSYS2.OBJECT_PRIVILEGES('APPLIB', 'EMPLOYEE', '*FILE'));