List Objects Secured by Authorization List (QSYLATLO) API

Required Parameter Group:

1	Qualified user space name	Input	Char(20)
2	Format name	Input	Char(8)
3	Authorization list	Input	Char(10)
4	Error code	I/O	Char(*)

Optional Parameter Group 1:

5	Stream file path name	Input	Char(*)
6	Length of stream file path name	Input	Binary(4)

Default Public Authority: *USE

Threadsafe: Yes

The List Objects Secured by Authorization List (QSYLATLO) API puts a list of objects secured by an authorization list into a user space or stream file.

A user space can only hold 16 megabytes of data, so if this API needs to return more data than the user space can hold, it will be necessary to specify a stream file. The data placed in the stream file may be quite large. Currently this API can handle returning approximately two gigabytes of data in a stream file.

An estimate of how many entries a user space can hold can be calculated by doing the following:

Determine how much space is available for entries by subtracting the size of the header sections from 16 megabytes. The header sections include the Generic Header, Input Parameter Section, and the Header Section.
```
space available for entries = 16 megabytes - size of Generic Header -
                              size of Input Parameter Section - size of Header Section
```
Add the length of the fixed portion of the format to the estimated size of a path name (if the format supports path names) and divide this into the amount of space available for the entries.
```
num entries = space available for entries / (length of fixed portion + estimated size of
                                             path name)
```

For example, do the following to determine the approximate number of format ATLO0400 entries a user space can hold.

Determine how much space is available for entries by subtracting the size of the header sections from 16 megabytes. We will allow an estimated 500 bytes for the pathname stored in the Input Parameter Section.
```
16,776,392 = 16,777,216 - 192 - (48 + 500) - 84
```
Add the length of the fixed portion of format ATLO0400, 220 bytes, to the estimated size of a path name, 500 bytes. Then divide this value, 720 bytes, into the space available for entries. This results in approximately 23300 format ATLO0400 entries.
```
23300 = 16,776,392 / (220 + 500)
```

This API provides information similar to the Display Authorization List Objects (DSPAUTLOBJ) command.

Authorities and Locks

User Space Authority: *CHANGE
Authority to Library Containing User Space: *EXECUTE
Stream File Authority: *W (if an existing stream file is specified); *WX (to the parent directory if the specified stream file does not exist and is to be created)
Note: If a stream file path name is specified, *X authority is required for each directory in the path. Adopted authority is not used to access the stream file.
Authorization List Authority: Must not be *EXCLUDE authority

Required Parameter Group

Qualified user space name

INPUT; CHAR(20)

The name of the existing user space where the list of objects secured by the authorization list is returned to. The first 10 characters specify the user space name, and the second 10 characters specify the library.

I f you want to use a stream file instead of a user space, then use this special value for the user space name:

*STMF

Use the optional parameters, Stream file path name and Length of stream file path name, to specify the stream file path name. When this special value is specified, the library name must be blanks.

You can use these special values for the library name:

*CURLIB	The current library is used to locate the user space. If there is no current library, QGPL (general purpose library)
*LIBL	The library list is used to locate the user space.

Format name

INPUT; CHAR(8)

The name of the format used to list objects secured by the authorization list.

You can specify these formats:

ATLO0100	Each entry contains the object name, library, type, authority holder indicator, auxiliary storage pool (ASP) device name of library, and ASP device name of object.
ATLO0110	This format only returns path names for objects in a directory. Each entry contains the offset to the path name, the length of the path name, type, authority holder indicator, ASP device name of object, and the path name value. Objects in the QSYS.LIB and QDLS file systems are not returned with this format.
ATLO0200	Each entry contains the same information as ATLO0100 plus the object owner, attribute, text, and primary group.
ATLO0210	This format only returns path names for objects in a directory. Each entry contains the same information as format ATLO0110 plus the object owner, attribute, text, and primary group. Objects in the QSYS.LIB and QDLS file systems are not returned with this format.
ATLO0300	Each entry contains the length of the entry, object name, library, type, authority holder indicator, document library object (DLO) name, the name of the folder that the DLO is in, the displacement to the path name, the length of the path name, ASP device name of library, ASP device name of object, and the path name value. Objects in all file systems are returned with this format. Objects are returned consecutively in three groups. Objects in the QSYS.LIB file system are in one group, objects in the QDLS file system are in another group, and objects in directories are in the other group. Information returned in the Header Section indicates how to get to the beginning of each group of objects.
ATLO0400	Each entry contains the same information as ATLO0300 plus the object owner, primary group, attribute, and text. Objects in all file systems are returned with this format. Objects are returned consecutively in three groups. Objects in the QSYS.LIB file system are in one group, objects in the QDLS file system are in another group, and objects in directories are in the other group. Information returned in the Header Section indicates how to get to the beginning of each group of objects.

Authorization list

INPUT; CHAR(10)

The name of the authorization list for which the secured objects are returned.

Error code

I/O; CHAR(*)

The structure in which to return error information. For the format of the structure, see Error code parameter.

Optional Parameter Group 1

Stream file path name

INPUT; CHAR(*)

The stream file name, specified as a path name. This parameter is assumed to be represented in the coded character set identifier (CCSID) currently in effect for the job. If the CCSID of the job is 65535, this parameter is assumed to be represented in the default CCSID of the job.

If the stream file does not exist, it will be created. The user currently running this API will be the owner and the public authority will be *EXCLUDE.

If the length of the stream file path name is -1, then this parameter is assumed to be a Qlg_Path_Name_T structure that contains a path name or a pointer to a path name. For more information on the Qlg_Path_Name_T structure, see Path name format.

If the length of stream file path name is 0, then this parameter is not used.

Length of stream file path name

INPUT; BINARY(4)

The length of the stream file path name in bytes. If the length is -1, the stream file path name parameter is assumed to be a Qlg_Path_name_T structure. This value must be zero if no stream file path name is specified.

User Space or Stream File Variables

The following tables describe the order and format of the data returned. For detailed descriptions of the fields in the tables, see Field Descriptions. When you retrieve list entry information for formats ATLO0100, ATLO0200, ATLO0300, or ATLO0400 you must use the entry size returned in the generic header to access list entries as the size of each entry may be padded at the end. If you do not use the entry size, the result may not be valid. When you retrieve list entry information for formats ATLO0110 and ATLO0210 you must use the offset to path name of the current entry + the length of path name of the current entry to access the next entry.

Input Parameter Section

Offset		Type	Field
Dec	Hex	Type	Field
0	0	CHAR(10)	User space name specified
10	0A	CHAR(10)	User space library name specified
20	14	CHAR(8)	Format name
28	1C	CHAR(10)	Authorization list
38	26	CHAR(2)	Reserved
40	28	BINARY(4)	Offset to stream file path name
44	2C	BINARY(4)	Length of stream file path name
		CHAR(*)	Stream file path name

Header Section

Offset		Type	Field
Dec	Hex	Type	Field
0	0	CHAR(10)	Authorization list
10	0A	CHAR(10)	Authorization list library name
20	14	CHAR(10)	Owner
30	1E	CHAR(10)	Primary group
40	28	BINARY(4)	Reason code
44	2C	BINARY(4)	Offset to first QSYS.LIB object
48	30	BINARY(4)	Entry number of first QSYS.LIB object
52	34	BINARY(4)	Number of QSYS.LIB objects
56	38	BINARY(4)	Offset to first QDLS object
60	3C	BINARY(4)	Entry number of first QDLS object
64	40	BINARY(4)	Number of QDLS objects
68	44	BINARY(4)	Offset to first directory object
72	48	BINARY(4)	Entry number of first directory object
76	4C	BINARY(4)	Number of directory objects
80	50	BINARY(4)	CCSID of stream file path name in Input Parameter Section

ATLO0100 Format

Offset		Type	Field
Dec	Hex	Type	Field
0	0	CHAR(10)	Object name
10	0A	CHAR(10)	Library name
20	14	CHAR(10)	Object type
30	1E	CHAR(1)	Authority holder
31	1F	CHAR(10)	ASP device name of library
41	29	CHAR(10)	ASP device name of object

ATLO0110 Format

Offset		Type	Field
Dec	Hex	Type	Field
0	0	BINARY(4)	Offset to path name
4	4	BINARY(4)	Length of path name
8	8	CHAR(10)	Object type
18	12	CHAR(1)	Authority holder
19	13	CHAR(1)	Reserved
20	14	CHAR(10)	ASP device name of object
		CHAR(*)	Path name

ATLO0200 Format

Offset		Type	Field
Dec	Hex	Type	Field
0	0	CHAR(10)	Object name
10	0A	CHAR(10)	Library name
20	14	CHAR(10)	Object type
30	1E	CHAR(1)	Authority holder
31	1F	CHAR(10)	Owner
41	29	CHAR(10)	Attribute
51	33	CHAR(50)	Text description
101	65	CHAR(10)	Primary group
111	6F	CHAR(10)	ASP device name of library
121	79	CHAR(10)	ASP device name of object

ATLO0210 Format

Offset		Type	Field
Dec	Hex	Type	Field
0	0	BINARY(4)	Offset to path name
4	4	BINARY(4)	Length of path name
8	8	CHAR(10)	Object type
18	12	CHAR(1)	Authority holder
19	13	CHAR(10)	Owner
29	1D	CHAR(10)	Attribute
39	27	CHAR(50)	Text description
89	59	CHAR(10)	Primary group
99	63	CHAR(1)	Reserved
100	64	CHAR(10)	ASP device name of object
		CHAR(*)	Path name

ATLO0300 Format

Offset		Type	Field
Dec	Hex	Type	Field
0	0	BINARY(4)	Length of entry
4	4	CHAR(10)	Object name
14	0E	CHAR(10)	Library name
24	18	CHAR(10)	Object type
34	22	CHAR(1)	Authority holder
35	23	CHAR(12)	DLO name
47	2F	CHAR(63)	Folder name
110	6E	CHAR(2)	Reserved
112	70	BINARY(4)	Displacement to path name
116	74	BINARY(4)	Length of path name
120	78	CHAR(10)	ASP device name of library
130	82	CHAR(10)	ASP device name of object
		CHAR(*)	Path name

ATLO0400 Format

Offset		Type	Field
Dec	Hex	Type	Field
0	0	BINARY(4)	Length of entry
4	4	CHAR(10)	Object name
14	0E	CHAR(10)	Library name
24	18	CHAR(10)	Object type
34	22	CHAR(1)	Authority holder
35	23	CHAR(12)	DLO name
47	2F	CHAR(63)	Folder name
110	6E	CHAR(2)	Reserved
112	70	BINARY(4)	Displacement to path name
116	74	BINARY(4)	Length of path name
120	78	CHAR(10)	Owner
130	82	CHAR(10)	Attribute
140	8C	CHAR(50)	Text description
190	BE	CHAR(10)	Primary group
200	C8	CHAR(10)	ASP device name of library
210	D2	CHAR(10)	ASP device name of object
		CHAR(*)	Path name

Field Descriptions

ASP device name of library. The auxiliary storage pool (ASP) device name where the object's library is stored. If the object's library is in the system ASP or one of the basic user ASPs, this field contains *SYSBAS.

ASP device name of object. The auxiliary storage pool (ASP) device name where the object is stored. If the object is in the system ASP or one of the basic user ASPs, this field contains *SYSBAS.

Attribute. The attribute of the secured object. If the object is not in the QSYS.LIB or QDLS file system, this field is blank.

Authority holder. Whether the object is an authority holder. If the object is an authority holder, this field is Y. If not, this field is N.

Authorization list. The name of the authorization list for which the list of objects is returned.

Authorization list library name. The name of the library containing the authorization list.

CCSID of path name in input parameter section. The CCSID value that is associated with the stream file path name in the Input Parameter Section. This value will be 0 if a stream file path name was not specified as input or if a Qlg_Path_Name_T structure was specified as the stream file path name.

Displacement to path name. The displacement in the entry to the start of the path name.

DLO name. The document library object (DLO) name for the object. If the object is not an *DOC (document) or *FLR (folder) object, this field is blank.

Entry number of first directory object. The entry number of the first directory object (objects not in the QSYS.LIB or QDLS file system) that is returned. This value is only set if you are using format ATLO0300 or ATLO0400. Otherwise, -1 is returned. If the number of directory objects field is 0, this value is also 0.

Entry number of first QDLS object. The entry number of the first QDLS object that is returned. This value is only set if you are using format ATLO0300 or ATLO0400. Otherwise, -1 is returned. If the number of QDLS objects field is 0, this value is also 0.

Entry number of first QSYS.LIB object. The entry number of the first QSYS.LIB object that is returned. This value is only set if you are using format ATLO0300 or ATLO0400. Otherwise, -1 is returned. If the number of QSYS.LIB objects field is 0, this value is also 0.

Folder name. The name of the folder that contains the DLO object. If the object is not in a folder, this field contains *NONE.

Format name. The name of the format that is used to list objects secured by the authorization list.

Length of entry. The length (in bytes) of the current entry.

Length of path name. The length (in bytes) of the path name.

Length of stream file path name. The length (in bytes) of the stream file path name. If this length is -1, the stream file path name parameter is a Qlg_Path_name_T structure. If this value is zero, no stream file path name was specified.

Library name. The name of the library that contains the user space, object, or authorization list.

Number of directory objects. The number of objects in directories (objects not in the QSYS.LIB or QDLS file system) that are returned. This value is only set if you are using format ATLO0300 or ATLO0400. Otherwise, -1 is returned. If there are no entries for objects in directories, 0 is returned.

Number of QDLS objects. The number of objects in the QDLS file system that were returned. This value is only set if you are using format ATLO0300 or ATLO0400. Otherwise, -1 is returned. If there are no entries for QDLS objects, 0 is returned.

Number of QSYS.LIB objects. The number of objects in the QSYS.LIB file system that were returned. This value is only set if you are using format ATLO0300 or ATLO0400. Otherwise, -1 is returned. If there are no entries for QSYS.LIB objects, 0 is returned.

Object name. The name of the object secured by the authorization list. If the object is not in the QSYS.LIB or QDLS file system, this field is blank.

Object type. The type of secured object.

Offset to first directory object. The offset to the first directory object (objects not in the QSYS.LIB or QDLS file systems) that was returned. This value is only set if using format ATLO0300 or ATLO0400. Otherwise, -1 is returned. If 'Number of directory objects' is 0, this value will also be 0.

Offset to first QDLS object. The offset to the first QDLS object that is returned. This value is only set if you are using format ATLO0300 or ATLO0400. Otherwise, -1 is returned. If the number of QDLS objects field is 0, this value is also 0.

Offset to first QSYS.LIB object. The offset to the first QSYS.LIB object that is returned. This value is only set if you are using format ATLO0300 or ATLO0400. Otherwise, -1 is returned. If the number of QSYS.LIB objects field is 0, this value is also 0.

Offset to path name. The offset to the start of the path name.

Offset to stream file path name. The offset to the start of the stream file path name.

Owner. The name of the owner of the authorization list or object.

Path name. The path name of the object secured by the authorization list. The user must request a format that supports path names if path names are to be included in the information returned.

The structure of the path name returned is:

Description	Type
CCSID of the returned path name	Binary(4)
Country or region ID	Char(2)
Language ID	Char(3)
Reserved field	Char(3)
Flag byte	Binary(4)
Number of bytes in the path name	Binary(4)
Path delimiter	Char(2)
Reserved field	Char(10)
Path name value	Char(*)

Primary group. The name of the user who is the primary group for the authorization list or object. If there is no primary group for the authorization list or object, this field will contain a value of *NONE.

Reason code. The reason code that further describes why the list is only a subset of all objects. The following values can be returned:

Reason code 0000. The list returned contains all objects meeting the search criteria.
Reason code 0001. Objects were found that meet the search criteria but could not be included in the returned list. The requested format could not handle path names for directory objects.
Reason code 0002. Objects were found that meet the search criteria but could not be included in the returned list. The requested format could not handle objects found in library QSYS.
Reason code 0003. Directory objects were found but did not have links to them.

Reserved. This field is not used.

Stream file path name. The stream file path name used to return the list of objects secured by the authorization list. If the Length of stream file path name is greater then zero (not a Qlg_Path_name_T structure) then the CCSID this path name is represented in is returned in the Header Section in field CCSID of stream file path name in Input Parameter Section.

Text description. The descriptive text for the secured object. If the object is not in the QSYS.LIB or QDLS file system, this field is blank.

User space library name specified. The name of the library containing the user space or object.

User space name specified. The user space used to return the list of objects secured by the authorization list.

Error Messages

Message ID	Error Message Text
CPF22AF E	Not authorized to authorization list &1.
CPF2283 E	Authorization list &1 does not exist.
CPF2289 E	Unable to allocate authorization list &1.
CPF3CAA E	List is too large for user space &1.
CPF3CF1 E	Error code parameter not valid.
CPF3C21 E	Format name &1 is not valid.
CPF3C3A E	Value for parameter &2 for API &1 not valid.
CPF3C36 E	Number of parameters, &1, entered for this API was not valid.
CPF3C90 E	Literal value cannot be changed.
CPF4ABC E	Internal error detected reason code &1.
CPF4AA9 E	Error occurred during processing of stream file.
CPF9801 E	Object &2 in library &3 not found.
CPF9802 E	Not authorized to object &2 in &3.
CPF9803 E	Cannot allocate object &2 in library &3.
CPF9807 E	One or more libraries in library list deleted.
CPF9808 E	Cannot allocate one or more libraries on library list.
CPF9810 E	Library &1 not found.
CPF9820 E	Not authorized to use library &1.
CPF9830 E	Cannot assign library &1.
CPF9838 E	User profile storage limit exceeded.
CPF9872 E	Program or service program &1 in library &2 ended. Reason code &3.

API introduced: V2R2

[ Back to top | Security APIs | APIs by category ]