QlgChangeAuthority()--Change Authority (using NLS-enabled path name)
Syntax
#include <Qp0lstdi.h> int QlgChangeAuthority (Qlg_Path_Name_T *Path_Name, uint Num_User_Names, char *User_Names_ptr, char *Data_Auth_ptr, uint Num_Object_Auths, char *Object_Auth_ptr, char *Auth_List_ptr, uint Follow_Symlnk);
Service Program Name: QP0LLIB2
Default Public Authority: *USE
Threadsafe: Conditional; see Usage Notes.
The QlgChangeAuthority() function can be used to perform the following operations on an integrated file system object:
- Add, remove, or change the authorization list
- Change private authorities
- Change public authorities
The function can perform only one of the above functions at a time. The object referred to by the input Path_Name must exist, the user must have authority to it, and the specified authority information must be supported by the specific file system or object type.
QlgChangeAuthority() either changes the authority of a symbolic link, or changes the authority of the object that the symbolic link names. This depends upon the value of the Follow_Symlnk parameter.
Parameters
- Path_Name
- (Input) Specifies the object for which specific authorities are to be given to
one or more users or to an authorization list. This path name is in the
Qlg_Path_Name_T format. For more information on this structure,
see Path name format.
- Num_User_Names
- (Input) Specifies the number of users in the user name array pointed to by
the User_Names_ptr parameter. If this parameter is 0, the Auth_List_ptr
parameter must not be a NULL pointer.
- User_Names_ptr
- (Input) Specifies the users for whom authorities to the object specified by Path_Name
are to be changed. If the Num_User_Names parameter is 0, this parameter is ignored.
If the Num_User_Names is not 0, this parameter must point to an array of CHAR(10)
blank-padded user names. If user names are specified, the authorities are changed specifically
for those users. The following special value can be specified as the only entry in the list
(Num_User_Names must be 1):
*PUBLIC All users who do not have authority specifically given to them for the object, who are not on the authorization list, whose user group does not have any authority, or whose user group is not on the authorization list, are authorized to use the object as specified for the Data_Auth_ptr and Object_Auth_ptr parameters. If this value is specified, then *NONE cannot be specified for both the Data_Auth_ptr and Object_Auth_ptr parameters.
- Data_Auth_ptr
- (Input) Specifies the data authorities to be given to the users specified for the User_Names_ptr
parameter. If the Num_User_Names parameter is 0, this parameter is ignored.
If the Num_User_Names is not 0, this parameter must point to a CHAR(10) area that contains one of
the following values, blank-padded to 10 bytes:
*SAME The users' data authorities to the objects do not change. *NONE The users do not have any of the data authorities to the objects. *RWX Allows all operations on the object except those that are limited to the owner or controlled by the object rights. *RW Allows access to the object attributes and allows the object to be changed. The user cannot use the object. *RX Allows access to the object attributes and allows use of the object. The user cannot change the object. *WX Allows use of the object and allows the object to be changed. The user cannot access the object attributes. *R Allows access to the object attributes. *W Allows the object to be changed. *X Allows the use of the object. *EXCLUDE All operations on the object are prohibited. *AUTL The public authority of the authorization list of the object is used for the public authority for the object. If this value is specified then the Num_User_Names parameter must be 1 and the specified user name must be *PUBLIC. *OBJAUT The object authority specified in the Object_Auth_ptr parameter is used to determine the data authorities for the object.
- Num_Object_Auths
- (Input) Specifies the number of entries in the object authority array pointed to by
the Object_Auth_ptr parameter. If the Num_User_Names parameter is 0,
this parameter is ignored. If the Num_User_Names is not 0, this parameter
must not be zero. The maximum allowable value is
10.
- Object_Auth_ptr
- (Input) Specifies the object authorities to be given to the users specified for the
User_Names_ptr parameter. If *OBJAUT is specified for the
Data_Auth_ptr parameter, this parameter also specifies additional
detailed data authorities to be given to the users. If the Num_User_Names parameter is 0,
this parameter is ignored. If the Num_User_Names is not 0, this parameter
must point to a list of CHAR(10) authority specifiers. The list must contain the number
of entries specified in the Num_Object_Auths parameter. Each entry in the list
may contain one of the following values, blank-padded to 10 bytes.
*SAME The users' object authorities to the objects do not change. If this value is specified, no other values may be specified. *NONE The users do not have any other object authorities (existence, management, alter, or reference). If *EXCLUDE or *AUTL is specified for the Data_Auth_ptr parameter, this value must be specified. If this value is specified, no other values may be specified. *ALL All of the other object authorities (existence, management, alter, and reference) are given to the users. If this value is specified, no other values may be specified. *OBJEXIST The users are given object existence authority to the object. *OBJMGT The users are given object management authority to the object. *OBJALTER The users are given object alter authority to the object. *OBJREF The users are given object reference authority to the object. The following values may only be specified when *OBJAUT is specified for the Data_Auth_ptr parameter. *ALLDTAOBJ All of the other object authorities (existence, management, alter, and reference) and detail data authorities (operational, read, add, update, delete, and execute) are given to the users. If this value is specified, no other values may be specified. *USE Operational, read, and execute detail data authorities are given to the users. If this value is specified, no other values may be specified. *CHANGE All of the detail data authorities (operational, read, add, update, delete, and execute) are given to the users. If this value is specified, no other values may be specified. *OBJOPR The users are given object operational authority to the object. *READ The users are given partial authority to access the contents of the object. *ADD The users are given partial authority to add content to the object. *UPD The users are given partial authority to change the content of the object. *DLT The users are given partial authority to remove content from the object. *EXECUTE The users are given partial authority to run a program or search a directory object.
- Auth_List_ptr
- (Input) Specifies the authorization list whose users are to be given authority
to the object specified for the Path_Name parameter. If the Num_User_Names
parameter is not zero, this parameter must be NULL. If the Num_User_Names
parameter is zero, this parameter must point to a CHAR(10) area containing an
authorization list name or the following special value:
*NONE The current authorization list is removed from the object.
- Follow_Symlnk
- (Input) If the last component in the Path_Name is a symbolic link,
this parameter determines if the symbolic link or the path contained in the
symbolic link is acted upon. Valid values are:
0 QP0L_DONOT_FOLLOW_SYMLNK: A symbolic link in the last component is not followed. The authority attributes of the symbolic link itself are changed. 1 QP0L_FOLLOW_SYMLNK: A symbolic link in the last component is followed. The authority attributes of the object contained in the symbolic link are changed.
Authorities
Note: Adopted authority is not used.
Authorization Required for QlgChangeAuthority() (excluding the QDLS and QOPT file systems) | ||
---|---|---|
Object Referred to | Authority Required | errno |
Each directory, preceding the last component, in the Path_Name | *X | EACCES |
Object | Owner, or *ALLOBJ | EPERM |
Authorization Required for QlgChangeAuthority() in the QDLS file system | ||
---|---|---|
Object Referred to | Authority Required | errno |
Each directory, preceding the last component, in the Path_Name | *X | EACCES |
Object | Owner, *ALL, or *ALLOBJ | EACCES |
Authorization Required for QlgChangeAuthority() in the QOPT file system | ||
---|---|---|
Object Referred to | Authority Required | errno |
Each directory, preceding the last component, in the Path_Name | *X | EACCES |
Optical volume | *CHANGE | EACCES |
Return Value
0 | QlgChangeAuthority() was successful. |
-1 | QlgChangeAuthority() was not successful. The errno global variable is set to indicate the error. |
Error Conditions
If QlgChangeAuthority() is not successful, errno indicates one of the following errors:
Error condition | Additional information |
---|---|
[EACCES] | |
[EAGAIN] | |
[EBADFID] | |
[EBADNAME] | |
[EBUSY] | |
[ECANCEL] | |
[ECONVERT] | |
[EDAMAGE] | |
[EFAULT] | |
[EINTR] | |
[EINVAL] | |
[EIO] | |
[ELOOP] | |
[ENAMETOOLONG] | |
[ENOENT] | |
[ENOMEM] | |
[ENOSPC] | |
[ENOTAVAIL] | |
[ENOTDIR] | |
[ENOTSAFE] | |
[ENOTSUP] | |
[EOFFLINE] | |
[EOVERFLOW] | |
[EPERM] | |
[EROOBJ] | |
[EUNKNOWN] |
Error Messages
The following messages may be sent from this function:
Message ID | Error Message Text |
---|---|
CPE3418 | Possible APAR condition or hardware failure. |
CPFA0D4 | File system error occurred. Error number &1 |
CPF3CF2 | Error(s) occurred during running of &1 API. |
CPF9872 | Program or service program &1 in library &2 ended. Reason code &3. |
Usage Notes
- The following file systems do not support QlgChangeAuthority():
- Network File System
- QFileSvr.400
- QNTC
In addition, only the authority of optical volumes may be changed in the QOPT file system.
- This function will fail with error code [ENOTSAFE] when all the following
conditions are true:
- Where multiple threads exist in the job.
- The object on which this function is operating resides in a file system
that is not threadsafe. Only the following file systems are threadsafe for this
function:
- "Root" (/)
- QOpenSys
- User-defined
- QSYS.LIB
- Independent ASP QSYS.LIB
- User profile names, authorization list names, and all special values for the
User_Names_ptr, Data_Auth_ptr, Object_Auth_ptr, and
Auth_List_ptr parameters are expected to be in coded character set ID 37.
- QSYS.LIB and Independent ASP QSYS.LIB File System Differences
QlgChangeAuthority() cannot be used to change the authority attributes of a physical file member. Such a request will fail with an errno of ENOTSUP.
This command must get an exclusive lock on a database file before read or object operational authority can be given to a user.
If a user requests authority for another specified user to a device currently in use by another authorized user, authority to the device is not given.
This API should not be used to change the authority for an authorization list object (/QSYS.LIB/authorization-list-name.AUTL).
Before you give authorities to use a device, controller, or line description, its associated device, controller, or line must be varied on.
- The descriptions for the *READ, *ADD, *UPD, *DLT, and *EXECUTE values of the
Object_Auth_ptr parameter specify that the values confer only "partial" authority to perform
various functions on the object. This partial authority is sufficient to perform certain operations
in the QSYS.LIB, independent ASP QSYS.LIB, and QDLS file systems, but only when using interfaces
outside the integrated file system. In effect, you can use QlgChangeAuthority() to
grant users the same authorities to these objects as the "Grant Object Authority (GRTOBJAUT)"
and "Add DLO Authority (ADDDLOAUT)" commands.
However, when using integrated file system interfaces, these user-defined combinations of authorities are mapped to the standard data authorities (*RWX) according to the following:
- *OBJOPR and *READ is equivalent to *R data authority
- *OBJOPR, *ADD, *UPD, and *DLT is equivalent to *W data authority
- *OBJOPR and *EXECUTE is equivalent to *X data authority
Unless a user has all of the detail data authorities that map to the standard data authority, the user does not have that standard data authority through integrated file system interfaces. For example, granting a user *READ detail data authority does not actually grant the user the same access to an integrated file system object as granting *R data authority. To get the equivalent authority, the user must be granted *OBJOPR and *READ. A user that had every one of the detail data authorities except for *OBJOPR would have no data authority to perform any operation on an object through integrated file system interfaces.
Related Information
- The <Qp0lstdi.h> file (see Header Files for UNIX-Type Functions)
- The <qlg.h> file (see Header Files for UNIX-Type Functions)
- chmod()--Change File Authorizations
- QlgGetAttr()--Get Attributes (using NLS-enabled path name)
- QlgStat()--Get File Information (using NLS-enabled path name)
- QlgLstat()--Get File or Link Information (using NLS-enabled path name)
- Qp0lSetAttr()--Set Attributes
- stat()--Get File Information
Example
The following example shows a call to QlgChangeAuthority().
Note: By using the code examples, you agree to the terms of the Code license and disclaimer information.
/*****************************************************************/ #include "Qp0lstdi.h" #include <stdio.h> #include <errno.h> #include <stdlib.h> #include <sys/types.h> #include <qusec.h> #include <time.h> int main (int argc, char *argv[]) { #define MYPN "ADIR/ASTMF" const char US_const[3]= "US"; const char Language_const[4]="ENU"; const char Path_Name_Del_const[2] = "/"; const char Data_Auth[11] = "*OBJAUT "; const char Object_Auths[41] = "*OBJALTER *OBJREF *OBJOPR *READ "; const char User_Names[21] = "USERA USERB "; struct pnstruct { Qlg_Path_Name_T qlg_struct; char pn[100]; }; struct pnstruct pns; struct pnstruct *pns_ptr = NULL; unsigned int follow_sym; int done=0; int rc; /**************************************************************/ /* Initialize Change Authority Parameters */ /**************************************************************/ memset((void*)&pns, 0x00, sizeof(struct pnstruct)); pns.qlg_struct.CCSID = 37; memcpy(pns.qlg_struct.Country_ID,US_const,2); memcpy(pns.qlg_struct.Language_ID,Language_const,3); pns.qlg_struct.Path_Type = 0; pns.qlg_struct.Path_Length = sizeof(MYPN)-1; memcpy(pns.qlg_struct.Path_Name_Delimiter,Path_Name_Del_const,1); memcpy(pns.pn,MYPN,sizeof(MYPN)); pns_ptr = &pns; follow_sym = QP0L_FOLLOW_SYMLNK; /**************************************************************/ /* Call the QlgChangeAuthority() API to change the authority */ /* of "ADIR/ASTMF". */ /**************************************************************/ rc = QlgChangeAuthority((Qlg_Path_Name_T *)&pns, 2, User_Names, Data_Auth, 4, Object_Auths, (char *)NULL, follow_sym); if (rc != 0) /* check API return code */ { rc = errno; printf("ERROR on QlgChangeAuthority(): error = %d\n", rc); perror("Error message"); } return(rc); } /* end main */
API introduced: IBM® i 7.2