IFS_OBJECT_PRIVILEGES table function
The IFS_OBJECT_PRIVILEGES table function returns a row for every user authorized to the object identified by the path name, along with their associated object and data authorities.
This information is similar to the information available through the Display Authority (DSPAUT) CL command and the Qp0lGetAttr()--Get Attributes API.
- For objects not in the QSYS.LIB file system:
  - For each directory included in the path name prior to the object name, *X
  - For the object, *OBJMGT
- For objects in the QSYS.LIB file system:
  - For each directory included in the path name prior to the object name, *X
  - For a *MBR object, *RX and *OBJMGT
  - For all other object types, *OBJMGT
- path-name
- An expression that returns the path name identifying the object. A relative path name is relative to the current directory. If an absolute path name is not specified, the current working directory is used in combination with the relative path name to resolve to the object. If the last element of the path is a symbolic link, the privilege information will be for the symbolic link itself.
- ignore-errors
- A character or graphic string expression that identifies what to do when an error is encountered.
  - NO
  - An error is returned.
  - YES
  - A warning is returned.
The result of the function is a table containing rows with the format shown in the following table. All the columns are nullable.
Column Name | Data Type | Description |
---|---|---|
PATH_NAME | DBCLOB(16M) CCSID 1200 | The full path name of the object. |
OBJECT_TYPE | VARCHAR(8) | The type of the object. |
OWNER | VARCHAR(10) | The user profile that owns the object. Contains the null value if no owner is available. |
PRIMARY_GROUP | VARCHAR(10) | The name of the user profile that is the primary group of the object. Can contain the following special value: Contains the null value if the object has no primary group. |
AUTHORIZATION_LIST | VARCHAR(10) | The name of the authorization list if the object is secured by an authorization list. Contains the null value if the object is not secured by an authorization list. |
AUTHORIZATION_NAME | VARCHAR(10) | User profile name for this row. Can contain the following special values: |
DATA_AUTHORITY | VARCHAR(12) | The operation, use, or access that AUTHORIZATION_NAME has to the object. Contains one of the following special values: |
OBJECT_OPERATIONAL | VARCHAR(3) | Indicates the object operational authority for AUTHORIZATION_NAME. |
OBJECT_MANAGEMENT | VARCHAR(3) | The object management authority for AUTHORIZATION_NAME. |
OBJECT_EXISTENCE | VARCHAR(3) | The object existence authority for AUTHORIZATION_NAME. |
OBJECT_ALTER | VARCHAR(3) | The object alter authority for AUTHORIZATION_NAME. |
OBJECT_REFERENCE | VARCHAR(3) | The object reference authority for AUTHORIZATION_NAME. |
DATA_READ | VARCHAR(3) | The data read authority for AUTHORIZATION_NAME. |
DATA_ADD | VARCHAR(3) | The data add authority for AUTHORIZATION_NAME. |
DATA_UPDATE | VARCHAR(3) | The data update authority for AUTHORIZATION_NAME. |
DATA_DELETE | VARCHAR(3) | The data delete authority for AUTHORIZATION_NAME. |
DATA_EXECUTE | VARCHAR(3) | The data execute authority for AUTHORIZATION_NAME. |
Example
- List all the authorities for all objects in the /usr directory.
WITH OBJS AS (SELECT PATH_NAME FROM TABLE (QSYS2.IFS_OBJECT_STATISTICS(START_PATH_NAME => '/usr'))) SELECT * FROM OBJS, TABLE(QSYS2.IFS_OBJECT_PRIVILEGES(PATH_NAME));
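The following query is an added example, not part of the original reference page. It reuses the /usr walk above as an authority audit, listing only the rows where the public authority can change an object or its data. It assumes that AUTHORIZATION_NAME reports public authority as the special value *PUBLIC and that the VARCHAR(3) authority columns hold YES or NO; the second positional argument is the ignore-errors parameter described above.

```sql
-- Added example: report objects under /usr where *PUBLIC holds
-- write-type data authority or an object-level authority that
-- allows the object itself to be changed, deleted, or re-secured.
-- Assumptions: '*PUBLIC' is the special value for public authority
-- and the individual authority columns contain 'YES' or 'NO'.
WITH OBJS AS (
  SELECT PATH_NAME
    FROM TABLE(QSYS2.IFS_OBJECT_STATISTICS(START_PATH_NAME => '/usr'))
)
SELECT P.PATH_NAME,
       P.OBJECT_TYPE,
       P.OWNER,
       P.PRIMARY_GROUP,
       P.AUTHORIZATION_LIST,
       P.DATA_AUTHORITY,
       P.DATA_ADD,
       P.DATA_UPDATE,
       P.DATA_DELETE,
       P.OBJECT_MANAGEMENT,
       P.OBJECT_EXISTENCE,
       P.OBJECT_ALTER
  FROM OBJS,
       -- Arguments are positional: path-name, then ignore-errors.
       -- 'YES' returns a warning instead of an error, so one
       -- unreadable object does not end the whole audit.
       TABLE(QSYS2.IFS_OBJECT_PRIVILEGES(OBJS.PATH_NAME, 'YES')) AS P
 WHERE P.AUTHORIZATION_NAME = '*PUBLIC'
   AND (   P.DATA_ADD          = 'YES'
        OR P.DATA_UPDATE       = 'YES'
        OR P.DATA_DELETE       = 'YES'
        OR P.OBJECT_MANAGEMENT = 'YES'
        OR P.OBJECT_EXISTENCE  = 'YES'
        OR P.OBJECT_ALTER      = 'YES')
    -- PATH_NAME is a DBCLOB, so sort on the short columns instead.
 ORDER BY P.OWNER, P.OBJECT_TYPE;
```

An object secured by an authorization list shows the list name in AUTHORIZATION_LIST, so review that list's own entries as well when it appears in the output.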