Retrieve Auth List Entry (RTVAUTLE)
Where allowed to run: Compiled CL program or interpreted REXX (*BPGM *IPGM *BREXX *IREXX) Threadsafe: No |
Parameters Examples Error messages |
The Retrieve Authorization List Entry (RTVAUTLE) command is used in a CL program or REXX procedure to retrieve the authorities that a user has on the authorization list. It can be used with the Change Authorization List Entry command to change the user's authorities to include new authorities in addition to the existing authorities for the user.
The authorization list name and user name must be specified. The variables for each of the authorities the user might have are returned blank if the user does not have the authority; they are returned with the correct value for the Change Authorization List Entry (CHGAUTLE) command if the user has the authority. The values are returned in the specified variables for the specified user.
The users who can use this command to retrieve authority for any user on the list are:
- The owner of the authorization list.
- A user with authorization list management (*AUTLMGT) authority on the authorization list.
- A user with all object (*ALLOBJ) special authority.
- A user authorized to the Database Security Administrator function of IBM i (QIBM_DB_SECADM).
Other users can get their own authorities or the authority of *PUBLIC.
Top |
Parameters
Keyword | Description | Choices | Notes |
---|---|---|---|
AUTL | Authorization list | Name | Required, Positional 1 |
USER | User | Name, *PUBLIC | Required, Positional 2 |
ALL | CL var for *ALL (10) | Character value | Optional |
CHANGE | CL var for *CHANGE (10) | Character value | Optional |
USE | CL var for *USE (10) | Character value | Optional |
EXCLUDE | CL var for *EXCLUDE (10) | Character value | Optional |
OBJALTER | CL var for *OBJALTER (10) | Character value | Optional |
OBJEXIST | CL var for *OBJEXIST (10) | Character value | Optional |
OBJMGT | CL var for *OBJMGT (10) | Character value | Optional |
OBJOPR | CL var for *OBJOPR (10) | Character value | Optional |
OBJREF | CL var for *OBJREF (10) | Character value | Optional |
READ | CL var for *READ (10) | Character value | Optional |
ADD | CL var for *ADD (10) | Character value | Optional |
UPDATE | CL var for *UPD (10) | Character value | Optional |
DELETE | CL var for *DLT (10) | Character value | Optional |
EXECUTE | CL var for *EXECUTE (10) | Character value | Optional |
AUTLMGT | CL var for *AUTLMGT (10) | Character value | Optional |
Top |
Authorization list (AUTL)
Specifies the authorization list that the user's authorities come from.
This is a required parameter.
- name
- Specify the name of the authorization list to be changed.
Top |
User (USER)
Specifies the user whose information is to be retrieved. If a variable is specified, it must be a 10-character field which contains a user name or the value *PUBLIC.
This is a required parameter.
- *PUBLIC
- The information returned in the specified parameter is for the users who do not have any specific authority to the authorization list, and whose groups do not have any specific authority to the authorization list.
- name
- Specify the name of the user profile of the user whose information is to be retrieved.
Top |
CL var for *ALL (10) (ALL)
Specifies the name of a variable that is used to return the special value of *ALL, if the user has *ALL authority. In CL, this should be a 10-character variable.
Blanks are returned for the variable if the user does not have this authority.
Top |
CL var for *CHANGE (10) (CHANGE)
Specifies the name of a variable that is used to return the special value of *CHANGE, if the user has change authority. In CL, this should be a 10-character variable.
Blanks are returned for the variable if the user does not have this authority.
Top |
CL var for *USE (10) (USE)
Specifies the name of a variable that is used to return the special value of *USE, if the user has use authority. In CL, this should be a 10-character variable.
Blanks are returned for the variable if the user does not have this authority.
Top |
CL var for *EXCLUDE (10) (EXCLUDE)
Specifies the name of a variable that is used to return the special value of *EXCLUDE, if the user has that authority. In CL, this should be a 10-character variable.
Blanks are returned for the variable if the user does not have this authority.
Top |
CL var for *OBJALTER (10) (OBJALTER)
Specifies the name of a variable that is used to return *OBJALTER if the user has *OBJALTER authority. In CL programs, the variable has a length of 10 characters. Blanks are returned in the variable if the user does not have *OBJALTER authority.
Blanks are returned for the variable if the user does not have this authority.
Top |
CL var for *OBJEXIST (10) (OBJEXIST)
Specifies the name of a variable that is used to return the special value of *OBJEXIST, if the user has that authority. In CL, this should be a 10-character variable.
Blanks are returned for the variable if the user does not have this authority.
Top |
CL var for *OBJMGT (10) (OBJMGT)
Specifies the name of a variable that is used to return the special value of *OBJMGT, if the user has object management authority. In CL, this should be a 10-character variable.
Blanks are returned for the variable if the user does not have this authority.
Top |
CL var for *OBJOPR (10) (OBJOPR)
Specifies the name of a variable that is used to return the special value of *OBJOPR, if the user has object operation authority. In CL, this should be a 10-character variable.
Blanks are returned for the variable if the user does not have this authority.
Top |
CL var for *OBJREF (10) (OBJREF)
Specifies the name of a variable that is used to return *OBJREF if the user has *OBJREF authority. In CL programs, the variable has a length of 10 characters. Blanks are returned in the variable if the user does not have *OBJREF authority.
Blanks are returned for the variable if the user does not have this authority.
Top |
CL var for *READ (10) (READ)
Specifies the name of a variable that is used to return the special value of *READ, if the user has read authority. In CL, this should be a 10-character variable.
Blanks are returned for the variable if the user does not have this authority.
Top |
CL var for *ADD (10) (ADD)
Specifies the name of a variable that is used to return the special value of *ADD, if the user has add authority. In CL, this should be a 10-character variable.
Blanks are returned for the variable if the user does not have this authority.
Top |
CL var for *UPD (10) (UPDATE)
Specifies the name of a variable that is used to return the special value of *UPD, if the user has update authority. In CL, this should be a 10-character variable.
Blanks are returned for the variable if the user does not have this authority.
Top |
CL var for *DLT (10) (DELETE)
Specifies the name of a variable that is used to return the special value of *DLT, if the user has delete authority. In CL, this should be a 10-character variable.
Blanks are returned for the variable if the user does not have this authority.
Top |
CL var for *EXECUTE (10) (EXECUTE)
Specifies the name of a variable that is used to return *EXECUTE if the user has *EXECUTE authority. In CL programs, the variable has a length of 10 characters. Blanks are returned in the variable if the user does not have *EXECUTE authority.
Blanks are returned for the variable if the user does not have this authority.
Top |
CL var for *AUTLMGT (10) (AUTLMGT)
Specifies the name of a variable that is used to return the special value of *AUTLMGT, if the user has authorization list management authority.
Blanks are returned for the variable if the user does not have this authority.
Top |
Examples
ADDAUTLE AUTL(PAYROLL) USER(TOM) AUT(*OBJOPR *READ *UPD *AUTLMGT)
When user Smith calls a CL program containing the following:
DCL &CHG *CHAR 10 DCL &ALL *CHAR 10 DCL &USE *CHAR 10 DCL &EXCL *CHAR 10 DCL &OBJOP *CHAR 10 DCL &ALTER *CHAR 10 DCL &REFER *CHAR 10 DCL &READ *CHAR 10 DCL &ADD *CHAR 10 DCL &UPD *CHAR 10 DCL &DLT *CHAR 10 DCL &EXEC *CHAR 10 DCL &AUTLM *CHAR 10 : RTVAUTLE AUTL(PAYROLL) USER(TOM) USE(&USE) + OBJOPR(&OBJOP) AUTLMGT(&AUTLM)
This command retrieves the following authorities from the authorization list PAYROLL for user TOM: *USE, *OBJOPR, and *AUTLMGT. If TOM does not have the authority, blanks are returned.
Top |
Error messages
*ESCAPE Messages
- CPF22A7
- User &1 not on authorization list &2, no authorities retrieved.
- CPF22A8
- Not authorized to retrieve authorities for user &1.
- CPF2204
- User profile &1 not found.
- CPF2283
- Authorization list &1 does not exist.
- CPF2289
- Unable to allocate authorization list &1.
Top |