object show

Shows values for the protected object.

If the specified protected object name does not exist, default values are shown. To determine whether a protected object exists, use the object exists command.

Requires authentication (administrator ID and password) to use this command.

Syntax

object show object_name [attribute attribute_name]

Description

The object show command shows values that are associated with the protected object.

The object values shown can include:
  • ACLs.
  • POPs.
  • Authorization rules.
  • Extended attributes, such as attribute name and value pairs.
These extended attributes can be attached directly to the object or inherited from protected objects in the hierarchy of this object.

When the attribute option is specified, the attribute_name value or values are shown if the attribute is attached to the protected object specified.

This command limits the output for POPs, ACLs, and authorization rules based on the permissions of the user. A user must have the view (v) permission on the object to show it.

Options

object_name
Specifies the protected object. The specified protected object is the fully qualified name of the object, including the object space within which it is located.

Examples of object names are:

  • /Management/Groups/Travel
  • /WebSEAL
  • /Management

attribute attribute_name
Specifies the name of the extended attribute whose values are to be displayed. (Optional) The extended attribute must exist for the object name that is specified, or an error is displayed. In the example that is listed for the /object-test object in Examples, the following extended attributes are shown:
  • test1
  • test2
  • abc

Return codes

0
The command completed successfully.
1
The command failed. When a command fails, the pdadmin command provides a description of the error and an error status code in hexadecimal format (for example, 0x14c012f2). See "Error messages" in the IBM Knowledge Center. This reference provides a list of the Security Access Manager error messages by decimal or hexadecimal codes.

Examples

  • The following example displays the /object-test object and lists all attached and effective ACLs, POPs, authzrules, and extended attributes:
    pdadmin sec_master> object show /object-test
    Displays information like:
    Name: /object-test
    Description: Test object
    Type: 12 (Leaf Object)
    Is Policy Attachable : Yes
    Extended Attributes:
    Name:test1
    Value(s): 1111
    Name:test2
    Value(s): abc
    2222
    second
    Attached ACL:
    Attached POP:
    Attached AuthzRule:
    
    Effective Extended Attributes:
    Protected Object Location: /object-test
    Name:test1
    Value(s): 1111
    Name:test2
    Value(s): abc
    2222
    second
    Effective ACL: default-root
    Effective POP:
    Effective AuthzRule:
  • The following example displays the /object-test/child1 object and lists all attached and effective ACLs, POPs, AuthzRules, and extended attributes:
    pdadmin sec_master> object show /object-test/child1
    Displays information like:
    Name: /object-test/child1
    Description: Child 1
    Type: 12 (Leaf Object)
    Is Policy Attachable : Yes
    Extended Attributes:
    Attached ACL:
    Attached POP:
    Attached AuthzRule:
    
    Effective Extended Attributes:
    Protected Object Location: /object-test
    Name:test1
    Value(s): 1111
    Name:test2
    Value(s): abc
    2222
    second
    Effective ACL: default-root
    Effective POP:
    Effective AuthzRule:
  • The following example displays information about the test1 attribute that is listed for the /object-test/child1 object:
    pdadmin sec_master> object show /object-test/child1 attribute test1
    Because the test1 attribute is attached to the /object-test object and is only inherited by the /object-test/child1 object, the command returns the following message:

    Could not perform the administration request
    Error: HPDAC0463E There are no extended attributes associated with the specified protected object or authorization policy object. (status 0x1005b1cf)

    To view the information about the test1 attribute of the /object-test object, enter the following command:
    pdadmin sec_master> object show /object-test attribute test1
    Displays information like:
    test1
    1111
  • The following example displays the /Management/test-object object, which lists any attached (myrule) and effective (myacl and mypop) policies:
    pdadmin sec_master> object show /Management/test-object
    Displays information like:
    Name: /Management/test-object/
    Description : Test object
    Type: 14 (Application Container Object)
    Is Policy Attachable: Yes
    Extended Attributes:
    Attached ACL: myacl
    Attached POP: mypop
    Attached AuthzRule: myrule
    
    Effective Extended Attributes:
    Effective ACL: myacl
    Effective POP: mypop
    Effective AuthzRule: myrule
  • The following example creates a protected object and then performs an object show of that protected object. An object show is then performed for an object that has not been created. Then the object exists command is issued for both of these objects.
    pdadmin sec_master> object create /Management/new_object1 "" 0 ispolicyattachable yes
    
    pdadmin sec_master> object show /Management/new_object1
    Name: /Management/new_object1
    Description:
    Type: 0 (Unknown)
    Is Policy Attachable: Yes
    Extended Attributes:
    Attached ACL:
    Attached POP:
    Attached AuthzRule:
    
    Effective Extended Attributes:
    Effective ACL: default-management
    Effective POP:
    Effective AuthzRule:
    
    pdadmin sec_master> object show /Management/not_there_object
    Name: /Management/not_there_object
    Description:
    Type: 0 (Unknown)
    Is Policy Attachable: Yes
    Extended Attributes:
    Attached ACL:
    Attached POP:
    Attached AuthzRule:
    
    Effective Extended Attributes:
    Effective ACL: default-management
    Effective POP:
    Effective AuthzRule:
    
    pdadmin sec_master> object exists /Management/new_object1
    Exists: Yes
    pdadmin sec_master> object exists /Management/not_there_object
    Exists: No
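
Added example (not part of the original reference or of the product): a Python sketch that parses object show output for a policy review, reports policies and extended attributes that are effective but not attached to the object itself, and relies on object exists for existence because object show returns default values for missing objects. The function names and the sample, abridged from the /object-test/child1 example above, are assumptions of this sketch.

```python
FIELDS = {"Name", "Description", "Type", "Is Policy Attachable", "Protected Object Location"}
FIELDS |= {f"{s} {k}" for s in ("Attached", "Effective") for k in ("ACL", "POP", "AuthzRule")}
SECTIONS = ("Extended Attributes", "Effective Extended Attributes")

def parse_object_show(text):
    """Parse `object show` output; assumes no attribute value starts with a field label."""
    obj = {s: {} for s in SECTIONS}
    section = values = None
    for line in filter(None, map(str.strip, text.splitlines())):
        key, sep, val = (part.strip() for part in line.partition(":"))
        if sep and key in SECTIONS and not val:
            section, values = key, None          # start of an attribute section
        elif sep and key == "Name" and section:
            values = obj[section].setdefault(val, [])   # attribute name, not object name
        elif sep and key in FIELDS:
            obj[key], values = val, None
        elif sep and key == "Value(s)" and values is not None:
            values.append(val)
        elif values is not None:                 # further value of a multi-valued attribute
            values.append(line)
    return obj

def review(show_text, exists_text):
    """Return findings; trusts `object exists`, never `object show`, for existence."""
    if exists_text.strip() != "Exists: Yes":
        return ["object does not exist: the values shown are defaults"]
    obj, findings = parse_object_show(show_text), []
    for kind in ("ACL", "POP", "AuthzRule"):
        effective = obj.get("Effective " + kind)
        if effective and not obj.get("Attached " + kind):
            findings.append(f"{kind} '{effective}' is effective but not attached here")
    inherited = sorted(set(obj[SECTIONS[1]]) - set(obj[SECTIONS[0]]))
    if inherited:
        findings.append(f"attributes {inherited} attached at {obj.get('Protected Object Location')}")
    return findings

# Output of `object show /object-test/child1`, abridged from this page's example.
SAMPLE = """Name: /object-test/child1
Extended Attributes:
Attached ACL:
Effective Extended Attributes:
Protected Object Location: /object-test
Name:test1
Value(s): 1111
Name:test2
Value(s): abc
2222
second
Effective ACL: default-root
"""
```

Calling review(SAMPLE, "Exists: Yes") reports default-root as effective but not attached, and test1 and test2 as attached at /object-test, which is why querying test1 on the child object returns HPDAC0463E.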