object show
Shows values for the protected object.
If the protected object name specified does not exist, default values are shown. To determine whether a protected object exists, use the object show command.
Requires authentication (administrator ID and password) to use this command.
Syntax
object show object_name [attribute attribute_name]
Description
The object show command shows values that are associated with the protected object.
- ACLs.
- POPs.
- Authorization rules.
- Extended attributes, such as attribute name and value pairs.
When the attribute option is specified, the attribute_name value or values are shown if the attribute is attached to the protected object specified.
This command limits the output for POPs, ACLs, and authorization rules, which are based on the permissions of the user. A user must have the view (v) permission on the object to show it.
Options
- object_name
- Specifies the protected object. The specified protected object
is the fully qualified name of the object, including the object space
within which it is located.
Examples of object names are:
- /Management/Groups/Travel
- /WebSEAL
- /Management
- attribute attribute_name
- Specifies the name of the extended attribute whose values are
to be displayed. (Optional) The extended attribute must exist for
the object name that is specified, or an error is displayed. In the
example that is listed for the /object-text object
in Examples, the following
extended attributes are shown:
- test1
- test2
- abc
Return codes
- 0
- The command completed successfully.
- 1
- The command failed. When a command fails, the pdadmin command provides a description of the error and an error status code in hexadecimal format (for example, 0x14c012f2). See "Error messages" in the IBM Knowledge Center. This reference provides a list of the Security Access Manager error messages by decimal or hexadecimal codes.
Examples
- The following example displays the /object-test object
and lists all attached and effective ACLs, POPs, authzrules, and extended
attributes:
Displays information like:pdadmin sec_master> object show /object-test
Name: /object-test Description: Test object Type: 12 (Leaf Object) Is Policy Attachable : Yes Extended Attributes: Name:test1 Value(s): 1111 Name:test2 Value(s): abc 2222 second Attached ACL: Attached POP: Attached AuthzRule: Effective Extended Attributes: Protected Object Location: /object-test Name:test1 Value(s): 1111 Name:test2 Value(s): abc 2222 second Effective ACL: default-root Effective POP: Effective AuthzRule:
- The following example displays the /object-test/child1 object
and lists all attached and effective ACLs, POPs, AuthzRules, and extended
attributes:
Displays information like:pdadmin sec_master> object show /object-test/child1
Name: /object-test/child1 Description: Child 1 Type: 12 (Leaf Object) Is Policy Attachable : Yes Extended Attributes: Attached ACL: Attached POP: Attached AuthzRule: Effective Extended Attributes: Protected Object Location: /object-test Name:test1 Value(s): 1111 Name:test2 Value(s): abc 2222 second Effective ACL: default-root Effective POP: Effective AuthzRule:
- The following example displays information about the test1 attribute
that is listed for object/object-test/child1:
Because the test1 attribute is an extended attribute of the /object-test object, the command returns the following message:pdadmin sec_master> object show /object-test/child1 attribute test1
Could not perform the administration request
Error: HPDAC0463E There are no extended attributes associated with the specified protected object or authorization policy object. (status 0x1005b1cf)To view the information about the test1 attribute of the /object-test object, enter the following command:
Displays information like:pdadmin sec_master> object show /object-test attribute test1
test1 1111
- The following example displays the /Management/test-object object,
which lists any attached (myrule) and effective (myacl and mypop)
policies:
Displays information like:pdadmin sec_master> object show /Management/test-object
Name: /Management/test-object/ Description : Test object Type: 14 (Application Container Object) Is Policy Attachable: Yes Extended Attributes: Attached ACL: myacl Attached POP: mypop Attached AuthzRule: myrule Effective Extended Attributes: Effective ACL: myacl Effective POP: mypop Effective AuthzRule: myrule
- The following example creates a protected object and then performs
an object show of that protected object. An object
show is then performed for an object that has not been created.
Then the object exists command is issued for both
of these objects.
pdadmin sec_master> object create /Management/new_object1" "0ispoly pdadmin sec_master> object show /Management/new_object1 Name: /Management/new_object1 Description: Type: 0 (Unknown) Is Policy Attachable: Yes Extended Attributes: Attached ACL: Attached POP: Attached AuthzRule: Effective Extended Attributes: Effective ACL: default-management Effective POP: Effective AuthzRule: pdadmin sec_master> object show /Management/not_there_object Name: /Management/not_there_object Description: Type: 0 (Unknown) Is Policy Attachable: Yes Extended Attributes: Attached ACL: Attached POP: Attached AuthzRule: Effective Extended Attributes: Effective ACL: default-management Effective POP: Effective AuthzRule: pdadmin sec_master> object exists /Management/new_object1 Exists: Yes pdadmin sec_master> object exists /Management/not_there_object Exists: No