object access
Confirms whether the specified access is permitted on the specified object. The access is determined based on the permissions of this user.
Requires authentication (administrator ID and password) to use this command.
Syntax
object access object_name permissions
Options
object_name- Specifies the protected object, which is the fully qualified name
of the object, including the object space within which it is located.
Examples of object names are:
/Management/Groups/Travel/WebSEAL/Management
permissions- Specifies the permission or permissions to check. Security Verify Access uses
a set of default actions that cover a wide range of operations. Actions
are represented by single alphabetic ASCII characters (a-z, A-Z).
For example, a list of primary action tasks and associated permissions for the user
sec_master, with WebSEAL as the web server, might include:TTraverseBase cControlBase gDelegationBase mModifyGeneric dDeleteGeneric bBrowseBase sServer AdminGeneric vViewGeneric aAttachBase BBypass POPBase tTraceBase rReadWebSEAL xExecuteWebSEAL lList DirectoryWebSEAL NCreateBase WPasswordBase AAddBase RBypass AuthzRuleBase
Return codes
- 0
- The command completed successfully.
- 1
- The command failed. When a command fails, the pdadmin command
provides a description of the error and an error status code in hexadecimal
format (for example,
0x14c012f2). See "Error messages" in the IBM Knowledge Center. This reference provides a list of the Security Verify Access error messages by decimal or hexadecimal codes.
Examples
- The following example confirms whether the user who is running pdadmin has
the Bypass POP (B) permission on the object
named
/Management:
The output is like:pdadmin sec_master> object access /Management BAccess: No - The following example confirms whether the user who is running pdadmin has
action Password (W) permission on the object
named
/Management/test-object:
The output is like:pdadmin sec_master> object access /Management/test-object WAccess: Yes