| 1 | Authority indicator | Output | Char(1) |
| 2 | User profile name | Input | Char(10) |
| 3 | Qualified object name | Input | Char(20) |
| 4 | Object type | Input | Char(10) |
| 5 | Authority | Input | Char(*) |
| 6 | Number of authorities | Input | Binary(4) |
| 7 | Call level | Input | Binary(4) |
| 8 | Error code | I/O | Char(*) |
The Check User Authority to Object (QSYCUSRA) API provides an indication of whether the user has the specified authority to an object.
The following authority is required for the user calling this API, unless the user profile name parameter is *CURRENT or the name of the profile that is currently running, the caller owns the object, or the object is an authorization list:
If the user profile is *CURRENT or the name of the profile that is running currently, the authority to the user includes any authority specified on the object (private, group, authorization list, or public) plus any program adopted authority. If the user profile is not *CURRENT or the name of the profile that is running currently, the authority available to the user is the authority specified on the object.
Adopted authority is authority given to the user by the program for the duration of that program. If previous programs in the program stack adopt their owner's authority, the adopted authority for the current program is the accumulated adopted authority from all other programs in the program stack that adopt authority.
Whether the user has the specified authority to the object. The field contains one of the following:
| Y | The user has the specified authority. |
| N | The user does not have the specified authority. |
The name of the user whose authority is checked.
You can specify the following special value:
| *CURRENT | Checks the authority of the current user to the specified object. |
The name of the object whose authority is checked. The first 10 characters specify the object name; the second 10 characters specify the library. You can use these special values for the library name:
| *CURLIB | The current library is used to locate the object. If there is no current library, QGPL (general purpose library) is used. |
| *LIBL | The library list is used to locate the object. |
The type of object whose authority is checked.
The authority to check for. This parameter can contain up to eleven 10-character fields. The following identifies the type of authority the user has to the object:
| *EXCLUDE | Exclude authority. If this value is specified, no other values can be specified. |
| *ALL | All authority. |
| *CHANGE | Change authority. |
| *USE | Use authority. |
| *AUTLMGT | Authorization list management authority. This value is only valid if the object type is *AUTL. |
| *OBJALTER | Object alter authority. |
| *OBJOPR | Object operational authority. |
| *OBJMGT | Object management authority. |
| *OBJEXIST | Object existence authority. |
| *OBJREF | Object reference authority. |
| *READ | Read authority. |
| *ADD | Add authority. |
| *UPD | Update authority. |
| *DLT | Delete authority. |
| *EXECUTE | Execute authority. |
The number of authorities specified in the authority parameter. You can specify 1 through 11 authorities.
The number of call levels to back up in the program stack to do the authority check. For example, if the program that calls this API adopts authority, you would probably not want the authority check to use the adopted authority. Therefore, the authority check should be done at the call level previous to the current level. This parameter should then contain a 1. You can check the authority at the various call levels by signifying a numeric equivalent to the call level. For example, to check the authority at the current call level, specify a 0; to check the authority at the previous call level, specify a 1.
This parameter is only used if the user profile name parameter is *CURRENT or the current user for the job.
The structure in which to return error information. For the format of the structure, see Error code parameter.
| Message ID | Error Message Text |
|---|---|
| CPF22FA E | Authority value &1 not valid. |
| CPF22FB E | Must specify *EXCLUDE or *AUTL as only authority value. |
| CPF22F7 E | Number of authorities must be between 1 and &1. |
| CPF22F9 E | Call level &1 not valid. |
| CPF3C90 E | Literal value cannot be changed. |
| CPF3CF1 E | Error code parameter not valid. |
| CPF3C31 E | Object type &1 is not valid. |
| CPF8122 E | &8 damage on library &4. |
| CPF9801 E | Object &2 in library &3 not found. |
| CPF9802 E | Not authorized to object &2 in &3. |
| CPF9803 E | Cannot allocate object &2 in library &3. |
| CPF9807 E | One or more libraries in library list deleted. |
| CPF9808 E | Cannot allocate one or more libraries on library list. |
| CPF9810 E | Library &1 not found. |
| CPF9811 E | Program &1 in library &2 not found. |
| CPF9812 E | File &1 in library &2 not found. |
| CPF9814 E | Device &1 not found. |
| CPF9820 E | Not authorized to use library &1. |
| CPF9830 E | Cannot assign library &1. |
| CPF9872 E | Program or service program &1 in library &2 ended. Reason code &3. |
[ Back to top | Security APIs | APIs by category ]