Change DLO Authority (CHGDLOAUT)

Where allowed to run: All environments (*ALL)
Threadsafe: No

The Change Document Library Object Authority (CHGDLOAUT) command allows you to change an existing user's authority to a document or folder. With this command, you can:

Change an existing user's specific authority
Change authority for users with no specific authority (*PUBLIC)
Change the authorization list that specifies the object's security
Change the existing security level, or change the security to that of a reference object.

Restrictions:

You must have all (*ALL) authority to the object, all object (*ALLOBJ) special authority, or be the owner of the object.

Top

Parameters

Keyword	Description	Choices	Notes
DLO	Document library object	Character value, ALL, SYSOBJNAM, *ROOT	Required, Positional 1
FLR	Folder	Character value, *NONE	Optional
USRAUT	User authority	Single values: *SAME Other values (up to 50 repetitions): Element list	Optional
	Element 1: User profile	Name, *PUBLIC
	Element 2: Authority level	USE, CHANGE, EXCLUDE, ALL, *AUTL
AUTL	Authorization list	Name, SAME, NONE	Optional
SENSITIV	Sensitivity	SAME, NONE, PERSONAL, PRIVATE, *CONFIDENTIAL	Optional
REFDLO	Reference DLO	Character value, NONE, REFSYSOBJ	Optional
REFFLR	Reference folder	Character value, *NONE	Optional
SYSOBJNAM	System object name	Name	Optional
REFSYSOBJ	Reference system object	Name	Optional
PERSONAL	Personal	SAME, NO, *YES	Optional

Top

Document library object (DLO)

Specifies the name of the document or folder for which user authority is changed.

This is a required parameter.

*ALL: User authority is changed for all objects in the specified folder. If *ALL is specified, a value must be specified on the Folder (FLR) parameter.
*SYSOBJNAM: The system object name specified on the System object name (SYSOBJNAM) parameter has user authority changed.
*ROOT: The public authority value of the *ROOT folder is changed.
name: Specify the user-assigned name of the document or folder object. A maximum of 12 characters can be specified.

Top

Folder (FLR)

Specifies the folder where the object specified for the Document library object (DLO) parameter is located.

*NONE: A folder name is not specified.
name: Specify the user-assigned name of the folder. The folder name can consist of a series of folder names if the object is located in a folder that is contained in another folder. A maximum of 63 characters can be specified.

Top

User authority (USRAUT)

Specifies the name of an existing user and the new user authority level.

When USRAUT((*PUBLIC *CHANGE)) is specified, all users can create first-level folders in the *ROOT folder. When USRAUT((*PUBLIC *USE)) is specified, only users with all object (*ALLOBJ) or security administrator (*SECADM) special authority can create first-level folders. Folder creation is the only function controlled by these values. Public authority is the only security value that can be specified for the *ROOT folder. Only change (*CHANGE) and use (*USE) public authorities can be specified for the *ROOT folder.

Single values

*SAME: Existing user authority does not change.

Element 1: User profile

*PUBLIC: Users with no specific authority and who are not on the authorization list have their authority changed.
name: Specify the name of the user profile whose specific authority is changed.

Element 2: Authority level

*ALL: The user can perform all operations except those limited to the owner or controlled by authorization list management (*AUTLMGT) authority. The user can control the object's existence, specify the security for the object, change the object, and perform basic functions on the object. The user also can change ownership of the object.

*CHANGE: The user can perform all operations on the object except those limited to the owner or controlled by object existence (*OBJEXIST) and object management (*OBJMGT) authorities. The user can change and perform basic functions on the object. *CHANGE authority provides object operational (*OBJOPR) authority and all data authority. If the object is an authorization list, the user cannot add, change, or remove users.

*USE: The user can perform basic operations on the object, such as running a program or reading a file. The user cannot change the object. Use (*USE) authority provides object operational (*OBJOPR), read (*READ), and execute (*EXECUTE) authorities.

*EXCLUDE: The user cannot access the object.

*AUTL: The authority of the authorization list specified on the Authorization list (AUTL) parameter is used for the document. The *AUTL value is valid only if *PUBLIC is also specified.

Top

Authorization list (AUTL)

Specifies whether the existing authorization list is replaced by a different authorization list or removed from the document library object.

*SAME: The authorization list does not change.
*NONE: The document library object will no longer be secured by an authorization list. If the public authority to the document library object is *AUTL, it is changed to *EXCLUDE.
name: Specify the name of the new authorization list whose authority determines the object's security.

Top

Sensitivity (SENSITIV)

Specifies one of four levels of sensitivity as defined by the X.400 standard. The four levels include no sensitivity, personal, private and company confidential. Any document marked as private is still available to users who are normally authorized to it, but is unavailable to users who are working on your behalf (even though it may be available to them when they are not working on your behalf).

*SAME: The value does not change.
*NONE: The document has no sensitivity restrictions.
*PERSONAL: The document is intended for the user as an individual.
*PRIVATE: The document contains information that should be accessed only by the owner. This value cannot be specified if the access code zero (0) is assigned to the object.
*CONFIDENTIAL: The document contains information that should be handled according to company procedures.

Top

Reference DLO (REFDLO)

Specifies that the user authorities to the existing document or folder are replaced by user authorities to the referred to document library object including specific authorities, authority given to users with no specific authorities, authorization list authority, access codes, and personal status.

*NONE: A referred to object name is not specified.
*REFSYSOBJ: A referred to object is specified on the Reference system object (REFSYSOBJ) parameter. This is the system object name of a document or folder.
name: Specify the name of the document or folder that is referred to.

Top

Reference folder (REFFLR)

Specifies the folder in which the referred to object specified on the Reference DLO (REFDLO) parameter is located.

*NONE: A folder name is not specified.
name: Specify the user-specified name of the referred to folder. The folder name can consist of a series of folder names if the object is located in a folder that is contained in another folder.

Top

System object name (SYSOBJNAM)

Specifies the system object name of the document or folder. This parameter is valid only when *SYSOBJNAM is specified on the Document library object (DLO) parameter.

name: Specify the system object name of the document or folder using 10 characters.

Top

Reference system object (REFSYSOBJ)

Specifies the system object name of the referred to document library object.

name: Specify the system object name of the referred to document library object using the entire 10 characters.

Top

Personal (PERSONAL)

Specifies whether the document being changed is a personal document. If it is, only the owner or an authorized user can access it. Any document marked as private is still available to users who are normally authorized to it, but is unavailable to users who are working on your behalf (even though it may be available to them when they are not working on your behalf). This parameter is replaced by SENSITIV but the PERSONAL parameter can still be used. However, because this parameter may be removed in a later release, whenever possible use the SENSITIV parameter.

*SAME: The value does not change.
*NO: Access is allowed when a user is working on behalf of another. This value will map to SENSITIV(*NONE).
*YES: Access is not allowed when a user is working on behalf of another. PERSONAL(*YES) requires that USER(*PUBLIC) be *EXCLUDE. This value cannot be specified if the access code zero (0) is assigned to the object. This value will map to SENSITIV(*PRIVATE).

Top

Examples

CHGDLOAUT   DLO(MYDOC)  FLR(MYFLR)  USRAUT((*PUBLIC *AUTL))
            AUTL(MYAUTL)

This command changes the authority of user *PUBLIC for document MYDOC in folder MYFLR. The authority specified on the authorization list for public (users with no specific authority for MYDOC, who are not on the authorization list MYAUTL, and whose user's group has no specific authority to MYDOC) is used to determine the public authority.

Top

Error messages

*ESCAPE Messages

CPF8A75: Not authorized to access folder &1.
CPF8A77: Folder &1 not found.
CPF8A78: Folder &1 in use.
CPF8A79: Folder &1 is logically damaged.
CPF8A80: Document &2 in use in folder &1.
CPF8A82: Document &2 not found in folder &1.
CPF8A83: Not authorized to access document &2 in folder &1.
CPF8A88: Operation not allowed on document &2 in folder &1.
CPF8A89: Document &2 in folder &1 is logically damaged.
CPF90BA: Authority request for document library object failed.
CPF90B8: No authority to specify a reference object for document library object &1.
CPF901F: *AUTL was specified for a user other than *PUBLIC.
CPF9073: No authority to view or change the security of document library object &1.
CPF908A: Requester &1 not enrolled.
CPF908B: Document library object not found.
CPF908E: &1 objects changed; &2 objects not changed.
CPF909A: Document &2 in folder &1 is damaged.
CPF9095: Folder &1 is damaged.

Top