OBJECT_PRIVILEGES table function
The OBJECT_PRIVILEGES table function returns a row for every user authorized to the specified object, along with their associated object and data authorities.
The information returned is similar to the information available through the Display Object Authority (DSPOBJAUT) CL command.
Authorization: All authorized users are returned for an object when at least one of the
following is true:
- The caller has *OBJMGT authority.
- The caller is the owner of the object.
- The object is an authorization list.
- The caller is authorized to the QIBM_DB_SECADM function usage identifier.
The schema is QSYS2.
- system-object-schema
- A character or graphic string expression that identifies the library that contains system-object-name.
- system-object-name
- A character or graphic string expression that identifies the object.
- object-type
- A character or graphic string expression that specifies the system object type of system-object-name.
The result of the function is a table containing rows with the format shown in the following table. All columns are nullable.
Column name | Data type | Description |
---|---|---|
AUTHORIZATION_USER | VARCHAR(10) | User profile name. Can contain the following special value.
|
OBJECT_AUTHORITY | VARCHAR(12) | The authority that the user has to the object. Contains one of the following
special values:
|
AUTHORIZATION_LIST | VARCHAR(10) | The name of the authorization list if the object is secured by an
authorization list. Contains null if the object is not secured by an authorization list. |
PRIMARY_GROUP | VARCHAR(10) | The user who is the primary group for the object. Returns the null value if there is no primary group for the object. |
OWNER | VARCHAR(10) | The user profile that owns the object. |
AUTHORIZATION_LIST_MANAGEMENT | VARCHAR(3) | The authorization list management authority for AUTHORIZATION_USER.
|
OBJECT_OWNER | VARCHAR(3) | Indicates whether the AUTHORIZATION_USER for this row is also the OWNER of the object.
|
OBJECT_OPERATIONAL | VARCHAR(3) | Indicates the object operational authority for AUTHORIZATION_USER.
|
OBJECT_MANAGEMENT | VARCHAR(3) | The object management authority for AUTHORIZATION_USER.
|
OBJECT_EXISTENCE | VARCHAR(3) | The object existence authority for AUTHORIZATION_USER.
|
OBJECT_ALTER | VARCHAR(3) | The object alter authority for AUTHORIZATION_USER.
|
OBJECT_REFERENCE | VARCHAR(3) | The object reference authority for AUTHORIZATION_USER.
|
DATA_READ | VARCHAR(3) | The data read authority for AUTHORIZATION_USER.
|
DATA_ADD | VARCHAR(3) | The data add authority for AUTHORIZATION_USER.
|
DATA_UPDATE | VARCHAR(3) | The data update authority for AUTHORIZATION_USER.
|
DATA_DELETE | VARCHAR(3) | The data delete authority for AUTHORIZATION_USER.
|
DATA_EXECUTE | VARCHAR(3) | The data execute authority for AUTHORIZATION_USER.
|
Example
Return authority information for the file
APPLIB/EMPLOYEE.
SELECT *
FROM TABLE(QSYS2.OBJECT_PRIVILEGES('APPLIB', 'EMPLOYEE', '*FILE'));