IBM Support

Finding Private Authorities for a User Profile

Question & Answer


Question

How do you find Private Authorities for a User Profile?  

Answer

This document discusses how to find Private Authorities for a user profile.  These are Authority Entries that a user has for objects that are owned by other users on the System.
 
From a PRTPRFINT report, the procedure explained below, finds user profiles for the Percent of Private Authority Entries column:
image-20240807102641-1

The IFS_OBJECT_PRIVILEGES table function returns a row for every user authorized to the object identified by the path name, along with their associated object and data authorities.

This information is similar to the information available through the Display Authority (DSPAUT) CL command and the Qp0lGetAttr()--Get Attributes API.

Authorization: The caller must have:
  • For objects not in the QSYS.LIB file system:
    • For each directory included in the path name prior to the object name, *X
    • For the object, *OBJMGT
  • For objects in the QSYS.LIB file system:
    • For each directory included in the path name prior to the object name, *X
    • For a *MBR object, *RX and *OBJMGT
    • For all other object types, *OBJMGT
For IFS Objects:
 
To get a listing of the all IFS objects for which the user has a Private Authority: 
 
NOTE:  The following SQLs can take a very long time to complete depending on the number of objects that are owned by the user profile and the number of objects in the specified path. 
 
1) Open the ACS Run SQL Scripts tool 
2) Run the following SQL:
WITH OBJS AS (
        SELECT PATH_NAME
            FROM TABLE (
                    QSYS2.IFS_OBJECT_STATISTICS(START_PATH_NAME => '/home/v6castil', SUBTREE_DIRECTORIES => 'YES') -- Specify the directory name
                )
    )
    SELECT *
        FROM OBJS,
             TABLE (
                 QSYS2.IFS_OBJECT_PRIVILEGES(PATH_NAME)
             )
        WHERE OWNER <> 'V6CASTIL' -- Specify the User ID that has the Private Authorities 
              AND authorization_name = 'V6CASTIL' -- Specify the User ID that has the Private Authorities.
              AND authorization_name <> '*PUBLIC'
image-20240807103137-2
NOTE:  Specify the Name of the User ID that has a large amount of Private Authorities and starting Path in the IFS
NOTE 1: The objects listed under the PATH_NAME column, have a private authority entry for the user profile listed under the AUTHORIZATION_NAME column.
NOTE 2: The previous command will collect data from the path /home/v6casttil, adjust the path as needed,
In addition, the RTVPRVAUT command can be used to create a table that contains the private authorities for the user profile

[{"Type":"MASTER","Line of Business":{"code":"LOB68","label":"Power HW"},"Business Unit":{"code":"BU070","label":"IBM Infrastructure"},"Product":{"code":"SWG60","label":"IBM i"},"ARM Category":[{"code":"a8m0z0000000CHyAAM","label":"Security"}],"ARM Case Number":"TS016902331","Platform":[{"code":"PF012","label":"IBM i"}],"Version":"7.3.0;7.4.0;7.5.0"}]

Document Information

Modified date:
07 August 2024

UID

ibm17163679

Page Feedback