Print Private Authorities (PRTPVTAUT)
| Where allowed to run: All environments (*ALL) Threadsafe: No |
Parameters Examples Error messages |
The Print Private Authority (PRTPVTAUT) command allows you to print a report of all the private authorities for objects of a specified type in a specified library, folder or directory. The report will list all objects of the specified type and the users that are authorized to the object. This is a way to check for different sources of authority to objects.
This command will print three reports for the selected objects. The first report (Full Report) will contain all of the private authorities for each of the selected objects.
The second report (Changed Report) will contain additions/changes to the private authorities to the selected objects if the PRTPVTAUT command was previously run for the specified objects in the specified library or folder. Any new objects of the selected type, new authorities to existing objects, or changes to existing authorities to the existing objects will be listed in the 'Changed Report'. If the PRTPVTAUT command was not previously run for the specified objects in the specified library or folder, there will be no 'Changed Report'. If the command has been previously run but no changes have been made to the authorities on the objects, then the 'Changed Report' will be printed but there will be no objects listed.
The third report (Deleted Report) will contain any deletions of privately authorized users from the specified objects since the PRTPVTAUT command was previously run. Any objects that were deleted or any users that were removed as privately authorized users will be listed in the 'Deleted Report'. If the PRTPVTAUT command was not previously run, there will be no 'Deleted Report'. If the command has been previously run but no delete operations have been done to the objects, then the 'Deleted Report' will be printed but there will be no objects listed.
The reports will contain the following information:
- The object type specified on the command (if object type is not *AUTL).
- The date and time the report was last run (not shown on the Full Report).
- The name of the library specified on the command (if object type is not *AUTL, *BLKSF, *DIR, *DOC, *FLR, *SOCKET, *STMF, or *SYMLNK).
- The library's *PUBLIC authority (if object type is not *AUTL, *BLKSF, *DIR, *DOC, *FLR, *SOCKET, *STMF, or *SYMLNK).
- The name of the folder the documents or folder are in (if object type is *DOC or *FLR).
- The name of the directory the objects are in (if object type is *BLKSF, *DIR, *SOCKET, *STMF, *SYMLNK).
- The directory's *PUBLIC authority (if object type is *BLKSF, *DIR, *SOCKET, *STMF, *SYMLNK).
- An entry for each user that has an authority to the objects in the list. Each entry contains the following information:
- The name of the object (only shown for the first user).
- The owner of the object (only shown for the first user).
- The primary group of the object (only shown for the first user).
- The name of the authorization list securing the object (only shown for the first user if object type is not *AUTL).
- The sensitivity level of the document or folder (if object type is *DOC or *FLR, only shown for the first user).
- The name of the user authorized to the object.
- The special value for the user's authority to the object (e.g. *ALL or *CHANGE).
- An indicator for the individual authorities that the user has to the object ('X' or ' ') (if object type is not *DOC or *FLR).
The file QPVXXXXXXX (where 'XXXXXXX' is the object type specified on the command) in library QUSRSYS contains information from the last time the PRTPVTAUT command was run. If object type is not *BLKSF, *DIR, *DOC, *FLR, *SOCKET, *STMF, or *SYMLNK there is a member within the file, with the same name as the library, for each library that has been previously specified on the command. For object types that don't require a library to be specified (e.g. *USRPRF), the library name is QSYS. System file QAOBJAUT in library QSYS with format name of QSYDSAUT is the model file for the file.
If the object type is *FLR, the first member will contain the information from the previous time *FLR was specified on the command. System file QASECDLO in library QSYS with format name of QSECDLO is the model file for the file.
If the object type is *DOC, there is a member within the file for each folder that has been previously specified on the command. The member name will be the same as the system name of the folder. System file QASECDLO in library QSYS with format name of QSECDLO is the model file for the file.
If the object type is *FILE and the AUTTYPE parameter value is *FIELD or *ALL, the Display Object Authority (DSPOBJAUT) command will be run for each file that has field level authorities associated with it. For each of these files, a spooled file by the name of QPOBJAUT will be created that contains all of the field level authority data for the file. There is no changed report support available for the field level authority data on a file.
If the object type is *BLKSF, *DIR, *SOCKET, *STMF, or *SYMLNK, there is a member within the file for each directory that has previously been specified in the Directory (DIR) parameter. The member names are based on the order the directories are processed. The member naming convention is x000000001, x000000002, and so on. The first character in the member name will either be N or Y. This character indicates if the subdirectories were searched when the data was gathered. N indicates the subdirectories were not searched, Y indicates they were searched. Once a member name has been assigned to a directory, the numeric portion with the appropriate prefix is used for all of the object types listed above. The system file QASECDIR in library QSYS with format name of QSECDIR is the model file for the file.
Note: The file QASECGFIPV in library QUSRSYS contains the file ID values of every directory that has been processed and the Nxxxxxxxxx member name that has been assigned to it. The system file QASECGFI in library QSYS with format name of QSECGFI is the model file for QASECGFIPV.
Restriction: You must have all object (*ALLOBJ) or audit (*AUDIT) special authority to run this command.
| Top |
Parameters
| Keyword | Description | Choices | Notes |
|---|---|---|---|
| OBJTYPE | Object type | *ALRTBL, *AUTL, *BLKSF, *BNDDIR, *CFGL, *CHRSF, *CHTFMT, *CLD, *CLS, *CMD, *CNNL, *COSD, *CRG, *CRQD, *CSI, *CSPMAP, *CSPTBL, *CTLD, *DEVD, *DIR, *DOC, *DTAARA, *DTADCT, *DTAQ, *EDTD, *EXITRG, *FCT, *FIFO, *FILE, *FLR, *FNTRSC, *FNTTBL, *FORMDF, *FTR, *GSS, *IGCDCT, *IGCSRT, *IGCTBL, *IMGCLG, *IPXD, *JOBD, *JOBQ, *JOBSCD, *JRN, *JRNRCV, *LIB, *LIND, *LOCALE, *M36, *M36CFG, *MEDDFN, *MENU, *MGTCOL, *MODD, *MODULE, *MSGF, *MSGQ, *NODGRP, *NODL, *NTBD, *NWID, *NWSCFG, *NWSD, *OUTQ, *OVL, *PAGDFN, *PAGSEG, *PDFMAP, *PDG, *PGM, *PNLGRP, *PRDAVL, *PRDDFN, *PRDLOD, *PSFCFG, *QMFORM, *QMQRY, *QRYDFN, *RCT, *SBSD, *SCHIDX, *SOCKET, *SPADCT, *SQLPKG, *SQLUDT, *SQLXSR, *SRVPGM, *SSND, *STMF, *SVRSTG, *SYMLNK, *S36, *TBL, *TIMZON, *USRIDX, *USRPRF, *USRQ, *USRSPC, *VLDL, *WSCST | Required, Positional 1 |
| CHGRPTONLY | Changed report only | *NO, *YES | Optional, Positional 2 |
| LIB | Library | Name | Optional |
| AUTTYPE | Authority type | *OBJECT, *FIELD, *ALL | Optional |
| FLR | Folder | Character value | Optional |
| AUTLOBJ | Print AUTL objects | *NO, *YES | Optional |
| DIR | Directory | Path name | Optional |
| SCHSUBDIR | Search subdirectory | *NO, *YES | Optional |
| Top |
Object type (OBJTYPE)
This is a required parameter.
The type of object to search for. For a complete list of object types, press the F4 key when prompting this parameter.
- object-type
- The type of object to be processed.
| Top |
Changed report only (CHGRPTONLY)
Specifies whether just the changed reports should be printed.
- *NO
- The full and changed reports are printed.
- *YES
- Only the changed report and the deleted reports are printed.
| Top |
Library (LIB)
This is a required parameter for all object types except *AUTL, *BLKSF, *CFGL, *CNNL, *COSD, *CTLD, *DEVD, *DIR, *DOC, *FLR, *LIB, *LIND, *MODD, *NWID, *NWSD, *SOCKET, *STMF, *SYMLNK, and *USRPRF.
The name of the library to search for objects to be included in the private authority report.
| Top |
Authority type (AUTTYPE)
Specifies whether object level authority, field level authority, or both object level and field level authority reports are generated. Field level authority information only applies to *FILE objects.
- *OBJECT
- Object level authority reports are generated for the specified objects.
- *FIELD
- For each data base file that has field level authorities a field level authority report is generated.
This value is only valid if *FILE is specified for the Object type (OBJTYPE) parameter.
- *ALL
- For each data base file that has field level authorities, a field level authority report is generated. Also, the object level authority reports for all the files in the specified library are generated.
This value is only valid if *FILE is specified for the Object type (OBJTYPE) parameter.
| Top |
Folder (FLR)
This is a required parameter if *DOC is specified for the Object type (OBJTYPE) parameter.
The name of the folder to search for documents to be included in the private authority report.
- folder-name
- The name of the folder to be searched.
| Top |
Print AUTL objects (AUTLOBJ)
Specifies whether the Display Authorization List Objects (DSPAUTLOBJ) command will be run for each of the authorization lists on the system. DSPAUTLOBJ provides a list of all the objects that are secured by a specific authorization list. This parameter is only used if the object type is *AUTL. It is ignored for all other object types.
- *NO
- The DSPAUTLOBJ command will not be run for each of the authorization lists on the system.
- *YES
- The DSPAUTLOBJ command will be run for each of the authorization lists on the system. The output for the command will be sent to the same output queue as the authorization list report.
| Top |
Directory (DIR)
This is a required parameter if *BLKSF, *DIR, *SOCKET, *STMF, or *SYMLNK is specified for the Object type (OBJTYPE) parameter.
The name of the directory to search for objects to be included in the private authority report. Only local objects in the Root, QOpenSys, and User-Defined file systems are supported.
Note: This parameter is Unicode-enabled. See "Unicode support in CL" in the CL topic collection in the Programming category in the IBM i Information Center at http://www.ibm.com/systems/i/infocenter/ for additional information.
- directory-name
- The name of the directory to be searched.
| Top |
Search subdirectory (SCHSUBDIR)
Specifies whether to search the subdirectories for objects to be included in the private authority report.
Note: This parameter is only used when OBJTYPE is *BLKSF, *DIR, *SOCKET, *STMF, or *SYMLNK.
- *NO
- The subdirectories are not searched.
- *YES
- The subdirectories are searched.
| Top |
Examples
PRTPVTAUT OBJTYPE(*FILE) LIB(PAYROLLLIB)
This command prints the full, changed, and deleted reports for all file objects in the library PAYROLLLIB.
| Top |
Error messages
*ESCAPE Messages
- CPFB304
- User does not have required special authorities.
- CPFB307
- Command &1 in use in another job.
| Top |