AUTHORITY_COLLECTION view

The AUTHORITY_COLLECTION view contains information about the authority check for an object.

The following table describes the columns in the view. The schema is QSYS2.

Table 1. AUTHORITY_COLLECTION view
Column Name	System Column Name	Data Type	Description
AUTHORIZATION_NAME	USER_NAME	VARCHAR(10) Nullable	The name of the user profile for which authority information was collected.
CHECK_TIMESTAMP	CHKTIME	TIMESTAMP Nullable	The date and time the authority check was made.
SYSTEM_OBJECT_NAME	SYS_ONAME	VARCHAR(10) Nullable	The name of the object whose authority was checked. This field contains information for objects in libraries and document library objects (DOC and FLR object types). Document library objects in this field will be in SYSOBJNAM format. File system objects and document library objects use the PATH_NAME* field.
SYSTEM_OBJECT_SCHEMA	SYS_DNAME	VARCHAR(10) Nullable	The name of the library that contains the object.
SYSTEM_OBJECT_TYPE	SYS_OTYPE	VARCHAR(8) Nullable	The object type of the object.
ASP_NAME	ASP_NAME	VARCHAR(10) Nullable	The name of the auxiliary storage pool to which storage for the object is allocated
ASP_NUMBER	ASP_NUMBER	DECIMAL(5,0) Nullable	The number of the auxiliary storage pool to which storage for the object is allocated. A value of 0 indicates *SYSBAS.
OBJECT_NAME	ONAME	VARCHAR(128) Nullable	The SQL name of the object. Objects supported by SQL may have the same name as the IBM® i name or may have a different longer name than the IBM i name (SYSTEM_OBJECT_NAME).
OBJECT_SCHEMA	OSCHEMA	VARCHAR(128) Nullable	The SQL name of the schema (library). Schemas in SQL may have the same name as the IBM i name or may have a different longer name than the IBM i name (SYSTEM_OBJECT_SCHEMA).
OBJECT_TYPE	OTYPE	VARCHAR(9) Nullable	The SQL object type. The following values can be returned. ALIAS - The object is an SQL alias. FUNCTION - The object is an SQL function. INDEX - The object is an SQL index. PACKAGE - The object is an SQL package. PROCEDURE - The object is an SQL procedure. ROUTINE - The object is used in SQL by one or more external functions and/or external procedures. SEQUENCE - The object is an SQL sequence. TABLE - The object is an SQL table. TRIGGER - The object is an SQL trigger. TYPE - The object is an SQL type. VARIABLE - The object is an SQL global variable. VIEW - The object is an SQL view. XSR - The object is an XML schema repository object.
AUTHORIZATION_LIST	AUTL	VARCHAR(10) Nullable	The name of the authorization list used to secure the object. This field contains data only if the object is secured by an authorization list
AUTHORITY_CHECK_SUCCESSFUL	CHKSUCCESS	CHAR(1) Nullable	The result of the authority check. This field is set to ‘1’ if the authority check was successful and ‘0’ if the authority check was not successful.
CHECK_ANY_AUTHORITY	CHKANYAUTH	CHAR(1) Nullable	Indicates whether the authority check that is performed by the system is for “ANY” of the authorities that are listed in the DETAILED_REQUIRED_AUTHORITY field. This field is set to ‘1’ if “ANY” of the authorities were checked and ‘0’ if specific authorities were checked. Certain authority checks allow the function to complete if the user associated with the currently running job has one or more of the authorities that are listed in the DETAILED_REQUIRED_AUTHORITY field. A common function that performs the “ANY” authority check is the system lock instruction that is used by many system commands, APIs, and services.
CACHED_AUTHORITY	CACHEAUTH	CHAR(1) Nullable	The operating system (OS) and Licensed Internal Code (LIC) have the capability to cache the authority the user currently has to an object, and use this authority for future authority checks. This field is set to ‘1’ if authority was cached and ‘0’ if authority was not cached. For performance reasons, the authority collection code will log, to the authority collection repository, the first authority check where cached authority is initially stored. Future authority checks, that use the cached authority, are not logged to the authority collection repository. However, any future authority check that requires more authority than was initially cached results in the logging of an authority collection entry for the authority check. In addition, the authority collection entries that have this field set to ‘1’ might not always provide an accurate view of the required authority information. The reason for this is that the system code can cache the maximum authority the current user of the job has to the object but require only a subset of this authority to pass a future authority check. This is a rare case within the OS and LIC but might occasionally be done.
REQUIRED_AUTHORITY	REQAUTH	VARCHAR(7) Nullable	The authority that is required by the system to access the object. If the DETAILED_REQUIRED_AUTHORITY field does not map to a system-defined object authority level, this field will be blank. See Authority field values.
DETAILED_REQUIRED_AUTHORITY	DTLREQAUTH	VARCHAR(90) Nullable	The detailed individual authority values that are required by the system to access the object. This is an important piece of information in the authority collection data. The detailed required authority is what is used to determine what authority can be set on the object so that it passes the authority check. Analyzing all of the authority collection entries for an object indicate what authority value can be set on the object to allow the application to run successfully from an authority standpoint. See Detailed authority field values.
CURRENT_AUTHORITY	CURAUTH	VARCHAR(8) Nullable	The authority that the user currently has to the object. The AUTHORITY_SOURCE field must also be evaluated to determine where the users’ authority to the object was found. If the DETAILED_CURRENT_AUTHORITY field does not map to a system-defined object authority level, this field will be blank. See Authority field values.
DETAILED_CURRENT_AUTHORITY	DTLCURAUTH	VARCHAR(99) Nullable	The detailed authority values that the user currently has to the object. The AUTHORITY_SOURCE field must also be evaluated to determine where the users’ authority to the object was found. See Detailed authority field values.
AUTHORITY_SOURCE	AUTHSRC	VARCHAR(50) Nullable	Where the system found the authority that either satisfied the authority check or caused the authority check to end unsuccessfully. USER ALLOBJ - All object special authority from the user USER OWNERSHIP - User ownership USER PRIVATE - User private authority AUTHORIZATION LIST OWNERSHIP - Authorization list ownership AUTHORIZATION LIST PRIVATE - Authorization list private authority GROUP ALLOBJ - Group profile all object special authority GROUP OWNERSHIP - Group ownership GROUP PRIVATE - Group private authority PRIMARY GROUP - Primary group authority AUTHORIZATION LIST GROUP OWNERSHIP - Authorization list group ownership AUTHORIZATION LIST PRIMARY GROUP - Authorization list primary group authority AUTHORIZATION LIST GROUP PRIVATE - Authorization list group private authority AUTHORIZATION LIST PUBLIC - Authorization list public authority PUBLIC - Public authority Also see the ADOPTED_AUTHORITY_SOURCE field.
GROUP_NAME	GROUP_NAME	VARCHAR(10) Nullable	The name of the group profile whose authority was used to satisfy the authority check. If multiple group profiles contribute to the accumulated current authority for the object, this field contains the last group to contribute and the MULTIPLE_GROUPS_USED field is set to ‘1’. Group profiles are checked for authority based on the order in the group profile and supplemental group profile list in the user profile.
MULTIPLE_GROUPS_USED	MLTGRPUSED	CHAR(1) Nullable	Indicates whether multiple group profiles contributed to the DETAILED_CURRENT_AUTHORITY for the object. This field is set to ‘1’ if multiple group profiles contributed and ‘0’ if no group profiles or only one group profile’s authority is used.
ADOPT_AUTHORITY_USED	ADOPTUSED	CHAR(1) Nullable	Indicates whether adopted authority is used to satisfy the authority check. This field is set to ‘1’ if the authority of the adopting program owner is used to satisfy the authority check. This field is set to ‘0’ if adopted authority was not used to satisfy the authority check. In addition, when this field is set to '0', the ADOPTING_PROGRAM_NAME field can contain the name of a program that is on the program invocation stack of the thread. If a program is listed, this program adopts the owners’ authority and would satisfy the authority check if authority was not available from another authority source in the thread. That is, excessive authority could be removed, and adopted authority used. If no program name is listed in the ADOPTING_PROGRAM_NAME field, then this indicates no program in the invocation stack would satisfy the authority check for the object.
MULTIPLE_ADOPTING_ PROGRAMS_USED	MLTADOPTPG	CHAR(1) Nullable	Indicates whether the owners of multiple programs that adopt contribute authority to the combined DETAILED_CURRENT_ADOPTED_AUTHORITY field. This field is set to '1' if multiple programs that adopt contributed and ‘0’ if no programs that adopt or only one program that adopts is used.
ADOPTING_PROGRAM_NAME	ADOPTPGM	VARCHAR(10) Nullable	The name of the program that adopts the owners’ authority. If multiple adopting programs contribute to the accumulated DETAILED_CURRENT_ADOPTED_AUTHORITY for the object, the last program to contribute is listed and the MULTIPLE_ADOPTING_PROGRAMS_USED field is set to ‘1’. Adopting programs are checked for authority in order from the most recent invocation to the oldest invocation on the program invocation stack.
ADOPTING_PROGRAM_SCHEMA	ADOPTLIB	VARCHAR(10) Nullable	The name of the library that contains the adopting program.
ADOPTING_PROCEDURE_NAME	ADOPTPRC	VARCHAR(256) Nullable	The name of the adopting Integrated Language Environmet (ILE) program procedure.
ADOPTING_PROGRAM_TYPE	ADOPTPGMT	VARCHAR(8) Nullable	The object type of the adopting program.
ADOPTING_PROGRAM_ ASP_NAME	ADOPTPGMA	VARCHAR(10) Nullable	The name of the auxiliary storage pool to which storage for the adopting program is allocated.
ADOPTING_PROGRAM_ ASP_NUMBER	ADOPTPGMAN	DECIMAL(5,0) Nullable	The number of the auxiliary storage pool to which storage for the adopting program is allocated. A value of 0 indicates *SYSBAS.
ADOPTING_PROGRAM_ STATEMENT_NUMBER	ADOPTPGMSN	DECIMAL(10,0) Nullable	The statement number of the adopting program.
ADOPTING_PROGRAM_OWNER	ADOPTPGMOW	VARCHAR(10) Nullable	The name of the adopting program owner. The adopting program owners’ authority is included in the authority checking algorithm of the system when the program in the ADOPTING_PROGRAM_NAME field is on the program invocation stack. Note: The ability to block adopted authority from previous invocations exists, by using the Use Adopted Authority attribute of a program. This attribute can be changed by using the Change Program (CHGPGM) command. When the Use Adopted Authority value of *NO is set on a program, this prevents any adopted authority from previous invocations from being included in the authority checking algorithm of the system.
CURRENT_ADOPTED_AUTHORITY	CURADPT	VARCHAR(8) Nullable	The authority value that the adopting program owner currently has to the object. The ADOPTED_AUTHORITY_SOURCE field must also be evaluated to determine where the adopting program owners’ authority to the object was found. If the DETAILED_CURRENT_ADOPTED_AUTHORITY field does not map to a system-defined object authority level, this field will be blank. See Authority field values.
DETAILED_CURRENT_ADOPTED_ AUTHORITY	DTLCURADPT	VARCHAR(99) Nullable	The detailed authority values that the adopting program owner currently has to the object. The ADOPTED_AUTHORITY_SOURCE field must also be evaluated to determine where the adopting program owners’ authority to the object was found. See Detailed authority field values.
ADOPTED_AUTHORITY_SOURCE	ADOPTAUTSR	VARCHAR(50) Nullable	Where the system found the adopted authority that either satisfied the authority check or caused the authority check to end unsuccessfully. ADOPTED *ALLOBJ - All object special authority from the adopting program owner. ADOPTED OWNERSHIP - Adopted ownership from the adopting program owner. ADOPTED PRIMARY GROUP - Adopted primary group authority from the adopting program owner. ADOPTED PRIVATE - Adopted private authority from the adopting program owner. ADOPTED AUTHORIZATION LIST OWNERSHIP - Adopted authorization list ownership from the adopting program owner. ADOPTED AUTHORIZATION LIST PRIMARY GROUP - Adopted authorization list primary group authority from the adopting program owner. ADOPTED AUTHORIZATION LIST PRIVATE - Adopted authorization list private authority from the adopting program owner.
MOST_RECENT_ PROGRAM_INVOKED	PGMINV	VARCHAR(10) Nullable	The name of the most recent program on the program invocation stack when the authority check was made.
MOST_RECENT_ PROGRAM_SCHEMA	PGMLIBINV	VARCHAR(10) Nullable	The name of the library that contains the most recent program invoked.
MOST_RECENT_ MODULE	MODINV	VARCHAR(30) Nullable	The name of the bound module within the most recently invoked ILE program.
MOST_RECENT_ PROGRAM_PROCEDURE	PGMPRC	VARCHAR(256) Nullable	The name of the most recently invoked ILE program procedure.
MOST_RECENT_ PROGRAM_TYPE	PGMTYP	VARCHAR(8) Nullable	The object type of the most recent program invoked.
MOST_RECENT_ PROGRAM_ASP_NAME	PGMASP	VARCHAR(10) Nullable	The name of the auxiliary storage pool to which storage for the most recent program is allocated.
MOST_RECENT_ PROGRAM_ASP_NUMBER	PGMASPN	DECIMAL(5,0) Nullable	The number of the auxiliary storage pool to which storage for the most recent program is allocated. A value of 0 indicates *SYSBAS.
MOST_RECENT_ PROGRAM_STATEMENT_NUMBER	PGMSTMN	DECIMAL(10,0) Nullable	The statement number of the most recent program.
MOST_RECENT_USER_STATE_ PROGRAM_INVOKED	USTPGM	VARCHAR(10) Nullable	The name of the most recent user state program on the program invocation stack when the authority check was made. A user state program is a program that is not part of the System State portion of the IBM i OS or the System State portion of an IBM product. Programs created by customers, programs created by application providers, and many products provided by IBM run in user state.
MOST_RECENT_USER_STATE_ PROGRAM_SCHEMA	USTLIB	VARCHAR(10) Nullable	The name of the library that contains the most recent user state program invoked.
MOST_RECENT_USER_STATE_ MODULE	USTMOD	VARCHAR(30) Nullable	The name of the bound module within the most recently invoked user state ILE program.
MOST_RECENT_USER_STATE_ PROGRAM_PROCEDURE	USTPGMPRC	VARCHAR(256) Nullable	The name of the most recently invoked user state ILE program procedure.
MOST_RECENT_USER_STATE_ PROGRAM_TYPE	USTPGMTYP	VARCHAR(8) Nullable	The object type of the most recent user state program invoked.
MOST_RECENT_USER_STATE_ PROGRAM_ASP_NAME	USTPGMASP	VARCHAR(10) Nullable	The name of the auxiliary storage pool to which storage for the most recent user state program is allocated.
MOST_RECENT_USER_STATE_ PROGRAM_ASP_NUMBER	USTPGMASPN	DECIMAL(5,0) Nullable	The number of the auxiliary storage pool to which storage for the most recent user state program is allocated. A value of 0 indicates *SYSBAS.
MOST_RECENT_USER_STATE_ PROGRAM_STATEMENT_NUMBER	USTPGMSN	DECIMAL(10,0) Nullable	The statement number of the most recent user state program.
JOB_NAME	JOB_NAME	VARCHAR(10) Nullable	The job name of the job in which the authority check was made.
JOB_USER	JOB_USER	VARCHAR(10) Nullable	The job user of the job in which the authority check was made.
JOB_NUMBER	JOBNBR	CHAR(6) Nullable	The job number of the job in which the authority check was made.
THREAD_ID	THREAD_ID	BIGINT Nullable	The thread ID of the currently running thread of the job in which the authority check was made.
CURRENT_USER	CURUSR	VARCHAR(10) Nullable	The current user associated with the thread of the job in which the authority check was made.
OBJECT_FILE_ID	OFILEID	BINARY(16) Nullable	The file ID of the path name.
OBJECT_ASP_NAME	OASP	VARCHAR(10) Nullable	The name of the auxiliary storage pool to which storage for the object in the path name is allocated.
OBJECT_ASP_NUMBER	OASPN	DECIMAL(5,0) Nullable	The number of the auxiliary storage pool to which storage for the object in the path name is allocated. A value of 0 indicates *SYSBAS.
PATH_NAME	PATH_NAME	DBCLOB(16M) CCSID 1200 Nullable	The path of the object whose authority was checked. This field contains information for document library objects (DOC and FLR object types), and objects in the "root" (/), QOpenSys, and user-defined file systems. This field will not be filled in for objects in libraries.
PATH_REGION	PATHREGION	CHAR(2) Nullable	The country or region id for the path name.
PATH_LANGUAGE	PATHLANG	CHAR(3) Nullable	The language id for the path name.
ABSOLUTE_PATH_INDICATOR	ABSPATHIND	CHAR(1) Nullable	Indicates whether the path name of the object is an absolute path or a relative path. This field is set to ‘Y’ if the path name of the object begins with a delimiter (path name resolution starts at the "root" (/) directory). This field is set to ‘N’ if the path name of the object contains a relative path name. In addition, when this field contains 'N', the RELATIVE_DIRECTORY_FILE_ID field contains the File ID of the parent directory of the relative path which is used to form an absolute path name.
RELATIVE_DIRECTORY_FILE_ID	RELDIRID	BINARY(16) Nullable	The relative directory file ID of the parent directory that contains the object in the PATH_NAME field. This field is set when the ABSOLUTE_PATH_INDICATOR field is ‘N’.

Authority field values

The REQUIRED_AUTHORITY field, CURRENT_AUTHORITY field, and CURRENT_ADOPTED_AUTHORITY field can contain one of the values listed below.

*ALL - Allows all operations on the object except those that are limited to the owner or controlled by authorization list management authority. This value is made up of the following detailed authority values: *OBJEXIST, *OBJMGT, *OBJOPR, *OBJALTER, *OBJREF, *READ, *ADD, *DLT, *UPD, *EXECUTE.
*CHANGE - Allows all operations on the object except those that are limited to the owner or controlled by object existence authority, object alter authority, object reference authority, and object management authority. This value is made up of the following detailed authority values: *OBJOPR, *READ, *ADD, *DLT, *UPD, *EXECUTE.
*USE - Allows access to the object attributes and use of the object. The user cannot change the object. This value is made up of the following detailed authority values: *OBJOPR, *READ, *EXECUTE.
*EXCLUDE - All operations on the object are prohibited.

Detailed authority field values

The DETAILED_REQUIRED_AUTHORITY field, DETAILED_CURRENT_AUTHORITY field, and DETAILED_CURRENT_ADOPTED_AUTHORITY field can contain one or more of the values listed below.

*OBJALTER: Object alter - provides authority to change the attributes of an object, such as adding or removing triggers and adding members for a database file.
*OBJEXIST: Object existence - provides authority to control the object's existence and ownership.
*OBJMGT: Object management - provides authority to specify security, to move or rename the object, and to add members if the object is a database file.
*OBJOPR: Object operational - provides authority to look at the object's attributes and to use the object as specified by the data authorities that the user has to the object.
*OBJREF: Object reference -provides authority to specify the object as the first level in a referential constraint.
*ADD: Add - provides authority to add entries to the object.
*DLT: Delete - provides authority to remove entries from the object.
*EXECUTE: Execute - provides authority to run a program or search a library or directory.
*READ: Read - provides authority to access the contents of the object.
*UPD: Update - provides authority to change the content of existing entries in the object.
*EXCLUDE: Exclude - all operations on the object are prohibited.
*AUTLMGT: Authorization list management – the authority required to add, change or remove users and their authority from an Authorization List object.
*OWNER: Ownership – the user owns the object and has all object and data authorities.