Check Object (CHKOBJ)
| Where allowed to run: All environments (*ALL) Threadsafe: Yes |
Parameters Examples Error messages |
The Check Object (CHKOBJ) command checks object existence and verifies the user's authority for the object before trying to access it. If the object exists and the user has the proper authority for the object, no error messages are sent to the user. For verification, as many as ten specific authorities can be specified on the command.
These checks are particularly useful before the user tries to access several objects at the same time. This command is also used to check the validity of object names contained in CL variables and to verify object authorizations under program control.
When the command runs, the system searches for the specified object. If the object is found, the system verifies that the user is authorized to that object as specified for the Authority (AUT) parameter. If the object is not found or the user does not have the authorities specified for the AUT parameter, an error message is sent to the user.
| Top |
Parameters
| Keyword | Description | Choices | Notes |
|---|---|---|---|
| OBJ | Object | Qualified object name | Required, Positional 1 |
| Qualifier 1: Object | Name | ||
| Qualifier 2: Library | Name, *LIBL, *CURLIB | ||
| OBJTYPE | Object type | *ALRTBL, *AUTL, *BNDDIR, *CFGL, *CHTFMT, *CLD, *CLS, *CMD, *CNNL, *COSD, *CRG, *CRQD, *CSI, *CSPMAP, *CSPTBL, *CTLD, *DEVD, *DOC, *DTAARA, *DTADCT, *DTAQ, *EDTD, *EXITRG, *FCT, *FILE, *FLR, *FNTRSC, *FNTTBL, *FORMDF, *FTR, *GSS, *IGCDCT, *IGCSRT, *IGCTBL, *IMGCLG, *IPXD, *JOBD, *JOBQ, *JOBSCD, *JRN, *JRNRCV, *LIB, *LIND, *LOCALE, *MEDDFN, *MENU, *MGTCOL, *MODD, *MODULE, *MSGF, *MSGQ, *M36, *M36CFG, *NODGRP, *NODL, *NTBD, *NWID, *NWSCFG, *NWSD, *OUTQ, *OVL, *PAGDFN, *PAGSEG, *PDFMAP, *PDG, *PGM, *PNLGRP, *PRDDFN, *PRDLOD, *PSFCFG, *QMFORM, *QMQRY, *QRYDFN, *RCT, *SBSD, *SCHIDX, *SPADCT, *SQLPKG, *SQLUDT, *SQLXSR, *SRVPGM, *SSND, *SVRSTG, *S36, *TBL, *TIMZON, *USRIDX, *USRPRF, *USRQ, *USRSPC, *VLDL, *WSCST | Required, Positional 2 |
| MBR | Member, if data base file | Name, *NONE, *FIRST | Optional, Positional 3 |
| AUT | Authority | Single values: *NONE, *ALL, *CHANGE, *USE, *EXCLUDE, *AUTLMGT Other values (up to 10 repetitions): *OBJALTER, *OBJEXIST, *OBJMGT, *OBJOPR, *OBJREF, *ADD, *DLT, *EXECUTE, *READ, *UPD |
Optional, Positional 4 |
| Top |
Object (OBJ)
Specifies the object to be checked.
This is a required parameter.
Qualifier 1: Object
- name
- Specify the name of the object to be checked.
Qualifier 2: Library
- *LIBL
- All libraries in the library list for the current thread are searched until the first match is found.
- *CURLIB
- The current library for the thread is searched. If no library is specified as the current library for the thread, the QGPL library is searched.
- name
- Specify the name of the library to be searched.
| Top |
Object type (OBJTYPE)
Specifies the object type of the object to be checked.
To see a complete list of object types when prompting this command, position the cursor on the field for this parameter and press F4 (Prompt). For a description of the object types, see "Object types" in the CL topic collection in the Programming category in the IBM i Information Center at http://www.ibm.com/systems/i/infocenter/.
This is a required parameter.
- object-type
- Specify the type of object to be checked.
| Top |
Member, if data base file (MBR)
Specifies the file member, if a member of a database file is to be checked.
Note: The logical file member, and the physical file members on which it is based are checked.
- *NONE
- Database file members are not checked, but the existence and (optionally) the authority for the file are checked. For all other object types (including device files), *NONE is the only valid value for this parameter.
- *FIRST
- The first member of the specified file is used.
- name
- Specify a physical or logical file member to be checked. Values specified for the Object (OBJ) and Object type (OBJTYPE) parameters must identify a database file and the member specified must be a member of the database file specified for the OBJ parameter.
| Top |
Authority (AUT)
Specifies the authority to be checked or specifies an authorization list to be checked. This parameter can be specified as a single value or as a list of one or more elements.
Single values
- *NONE
- Authority is not checked.
- *ALL
- All (*ALL) authority provides the authority needed to perform all operations except those limited to the owner or controlled by authorization list management (*AUTLMGT) authority. You can control the object's existence, specify the security for the object, change the object, and perform basic functions on the object. You also can change ownership of the object.
- *CHANGE
- Change (*CHANGE) authority provides the authority needed to perform all operations on the object except those limited to the owner or controlled by object existence (*OBJEXIST) and object management (*OBJMGT) authorities. You can change and perform basic functions on the object. *CHANGE authority provides object operational (*OBJOPR) authority and all data authority. If the object is an authorization list, you cannot add, change, or remove users.
- *EXCLUDE
- Exclude authority prevents access to the object.
- *AUTLMGT
- Authorization list management (*AUTLMGT) authority provides the authority needed to add user names to the authorization list, change users' authorities on the authorization list, to remove user names from the authorization list, to rename an authorization list, or to create a duplicate authorization list.
Note: You must use the object type of *AUTL when you specify *AUTLMGT authority.
Other values (up to 10 repetitions)
- *OBJALTER
- Object alter (*OBJALTER) authority provides the authority needed to alter the attributes of an object. If the user has this authority for a database file, the user can add and remove triggers, add and remove referential and unique constraints, and change the attributes of the database file. If the user has this authority for a SQL package, the user can change the attributes of the SQL package. This authority is currently only used for database files and SQL packages.
- *OBJEXIST
- Object existence (*OBJEXIST) authority provides the authority needed to control object ownership and existence. These authorities are necessary for a user who wants to delete, free storage, save, restore, or transfer ownership of an object. (If a you have save system (*SAVSYS) special authority, you do not need *OBJEXIST authority.)
- *OBJMGT
- Object management (*OBJMGT) authority provides the authority needed to specify the security for the object, move or rename the object, and add members to database files.
- *OBJOPR
- Object operational (*OBJOPR) authority provides the authority needed to look at the description of an object and to use the object as determined by the user's data authority for the object. *OBJOPR authority has no data authorities associated with it.
- *OBJREF
- Object reference (*OBJREF) authority provides the authority needed to reference an object from another object such that operations on that object may be restricted by the other object. If the user has this authority for a physical file, the user can add a referential constraint in which the physical file is the parent. This authority is currently only used for database files.
- *ADD
- Add authority (*ADD) provides the authority needed to add entries to an object (for example, job entries to a queue or records to a file).
- *DLT
- Delete (*DLT) authority provides authority needed to remove entries from an object.
- *EXECUTE
- Execute (*EXECUTE) authority provides the authority needed to run a program or locate an object in a library or directory.
- *READ
- Read (*READ) authority provides the authority needed to show the contents of an object.
- *UPD
- Update (*UPD) authority provides authority needed to change the entries in an object.
| Top |
Examples
Example 1: Checking for Existence of a Program
CHKOBJ OBJ(LIB1/PROG1) OBJTYPE(*PGM)
This command checks for the existence of a program named PROG1 in library LIB1. Your authorities to PROG1 are not checked.
Example 2: Checking for User's Authority to File
CHKOBJ OBJ(SOURCE1) OBJTYPE(*FILE) MBR(MBR3) AUT(*CHANGE)
This command checks for the existence of file SOURCE1 and for the existence of member MBR3 in file SOURCE1. It also checks to see if you have change (*CHANGE) authority to file SOURCE1.
Example 3: Checking for Your Authority to Program
CHKOBJ OBJ(LIB1/PROG1) OBJTYPE(*PGM) AUT(*CHANGE)
This command checks the existence of program PROG1 in library LIB1. It also checks to see if you have change (*CHANGE) authority to PROG1.
Example 4: Checking User's Authority to a Logical File Member
CHKOBJ OBJ(FILEA) OBJTYPE(*FILE) MBR(MBR1) AUT(*USE)
This command checks your authority to use logical file member MBR1, and each physical file member on which MBR1 is based.
Example 5: Checking User's Add and Delete Authority
CHKOBJ OBJ(FILEA) OBJTYPE(*FILE) MBR(MBR1) AUT(*ADD *DLT) MONMSG MSGID(CPF9802) EXEC(GOTO ERROR1)
These two commands (CHKOBJ and MONMSG) are used to verify that you have both add (*ADD) and delete (*DLT) authorities for logical file FILEA and each of the physical file members on which the logical file member MBR1 in the logical file FILEA is based. If you do not have data authority for FILEA and each of the physical file members on which FILEA is based, escape message CPF9802 is sent to the program, and control in the program is passed to the command that has the label ERROR1.
| Top |
Error messages
*ESCAPE Messages
- CPF9801
- Object &2 in library &3 not found.
- CPF9802
- Not authorized to object &2 in &3.
- CPF9810
- Library &1 not found.
- CPF9815
- Member &5 file &2 in library &3 not found.
- CPF9820
- Not authorized to use library &1.
- CPF9830
- Cannot assign library &1.
- CPF9899
- Error occurred during processing of command.
| Top |