IBM Support

Listing the Authorities of All Objects in an IFS Directory

Question & Answer


Question

How do you get a listing of the Authorities of All Objects in an IFS Directory

Answer

With the introduction of the IBM i SQL Service IFS_OBJECT_PRIVILEGES, you can create an SQL report containing the authorities for all objects in a directory.
This information is similar to the information available through the Display Authority (DSPAUT) CL command and the Qp0lGetAttr()--Get Attributes API.
Authorization: The user needs either *ALLOBJ authority or the following authorities:
  • For objects not in the QSYS.LIB file system:
    • For each directory included in the path name prior to the object name, *X
    • For the object, *OBJMGT
  • For objects in the QSYS.LIB file system:
    • For each directory included in the path name prior to the object name, *X
    • For a *MBR object, *RX and *OBJMGT
    • For all other object types, *OBJMGT
To get a listing of authorities for all objects in the /usr directory follow the steps:
 
1) Open the ACS Run SQL Scripts tool 
2) Run the following SQL:
  WITH OBJS AS (
        SELECT PATH_NAME
            FROM TABLE (
                    QSYS2.IFS_OBJECT_STATISTICS(START_PATH_NAME => '/usr')
                )
    )
    SELECT *
        FROM OBJS,
             TABLE (
                 QSYS2.IFS_OBJECT_PRIVILEGES(PATH_NAME)
             )
image 3286
The SQL Lists all of the authorities for the '/usr' directory and all objects in the directory structure
In addition, you could use the SQL Create Table function to create a file with all of the authorities for the path:
 
1) STRSQL to start SQL(The ACS Run SQL Scripts can also be used)
2) Run the following SQL:
CREATE TABLE QGPL/OBJS_AUTH (
            PATH_NAME,
            PATH_NAME_2,
            OBJECT_TYPE,
            OWNER,
            PRIMARY_GROUP,
            AUTHORIZATION_LIST,
            AUTHORIZATION_NAME,
            DATA_AUTHORITY,
            OBJECT_OPERATIONAL,
            OBJECT_MANAGEMENT,
            OBJECT_EXISTENCE,
            OBJECT_ALTER,
            OBJECT_REFERENCE,
            DATA_READ,
            DATA_ADD,
            DATA_UPDATE,
            DATA_DELETE,
            DATA_EXECUTE
        ) AS
            (WITH OBJS AS (
                        SELECT PATH_NAME
                            FROM TABLE (
                                    QSYS2.IFS_OBJECT_STATISTICS(START_PATH_NAME => '/usr/')
                                )
                    )
                    (SELECT *
                        FROM OBJS,
                             TABLE (
                                 QSYS2.IFS_OBJECT_PRIVILEGES(PATH_NAME)
                             )))
            WITH DATA;
NOTE: The SQL creates a file called OBJS_AUT in library QGPL for the Directory '/usr' and all subdirectories. 
More information on the IBM i SQL Service can be found on the following link:
To get a Listing the Authorities of All Objects in a Library refer to the following link:

[{"Type":"MASTER","Line of Business":{"code":"LOB68","label":"Power HW"},"Business Unit":{"code":"BU070","label":"IBM Infrastructure"},"Product":{"code":"SWG60","label":"IBM i"},"ARM Category":[{"code":"a8m0z0000000CHyAAM","label":"Security"}],"ARM Case Number":"","Platform":[{"code":"PF012","label":"IBM i"}],"Version":"7.3.0;7.4.0;7.5.0"}]

Document Information

Modified date:
27 March 2025

UID

ibm16207934

Page Feedback