List Objects User Is Authorized to, Owns, or Is Primary Group of (QSYLOBJA) API

Required Parameter Group:

1	Qualified user space name	Input	Char(20)
2	Format name	Input	Char(8)
3	User profile name	Input	Char(10)
4	Object type	Input	Char(10)
5	Returned objects	Input	Char(10)
6	Continuation handle	Input	Char(20)
7	Error code	I/O	Char(*)

Optional Parameter Group:

Request list

Input

Char(*)

Default Public Authority: *USE

Threadsafe: Yes

The List Objects a User is Authorized to, Owns, or Is Primary Group of (QSYLOBJA) API puts a list of objects a user is authorized to, owns, or is the primary group owner for into a user space. The list of authorized objects only includes objects the user is specifically authorized to. The list does not include objects the user is authorized to because:

The user is part of a group that is authorized
The user can access the object using the public authority
The object is secured with an authorization list the user is authorized to
The user can access the object using adopted authority

This API provides information similar to that provided by the Display User Profile (DSPUSRPRF) command when specifying *OBJAUT, *OBJOWN, or *OBJPGP for the type parameter.

Authorities and Locks

User Space Authority: *CHANGE
Authority to Library Containing User Space: *EXECUTE
User Profile Authority: *READ

Required Parameter Group

Qualified user space name

INPUT; CHAR(20)

The name of the existing user space used to return the list of objects a user is authorized to, owns, or is the primary group for. The first 10 characters specify the user space name, and the second 10 characters specify the library.

You can use these special values for the library name:

*CURLIB	The current library is used to locate the user space. If there is no current library, QGPL (general purpose library) is used.
*LIBL	The library list is used to locate the user space.

Format name

INPUT; CHAR(8)

The name of the format used to list objects the owner is authorized to, owns, or is the primary group for.

You can specify these formats:

OBJA0100	Each entry contains the object name, library, type, authority holder indicator, ownership indicator, auxiliary storage pool (ASP) device name of library, and ASP device name of object.
OBJA0110	This format only returns path names for objects in a directory. Each entry contains the offset to the path name, the length of the path name, type, authority holder indicator, ownership indicator, ASP device name of object, and the path name value.
OBJA0200	Each entry contains the same information as format OBJA0100 plus the authority values.
OBJA0210	This format only returns path names for objects in a directory. Each entry contains the same information as format OBJA0110 plus the authority values.
OBJA0300	Each entry contains the same information as format OBJA0200 plus the object attribute and descriptive text.
OBJA0310	This format only returns path names for objects in a directory. Each entry contains the same information as format OBJA0210 plus the attribute and descriptive text.

User profile name

INPUT; CHAR(10)

The user name for which the list of objects is being returned.

You can specify the following special value:

*CURRENT

The list of objects that the user currently running is authorized to, owns, or is the primary group for is returned. If *CURRENT is used, the name of the current user is returned in the list header section of the user space.

Object type

INPUT; CHAR(10)

The type of object the list of objects is returned for.

You can specify the following special value:

*ALL	Return entries of all object types.

Returned objects

INPUT; CHAR(10)

The objects that are returned.

You can specify the following special values:

*OBJAUT	The list of objects the user is authorized to is returned.
*OBJOWN	The list of objects the user owns is returned.
*BOTH	The list of objects the user is authorized to and owns is returned. The list of owned objects precedes the list of authorized objects.
*REQLIST	The values specified in the request list parameter is used.

Continuation handle

INPUT; CHAR(20)

The handle used to continue from a previous call to this API that resulted in partially complete information. You can determine if a previous call resulted in partially complete information by checking the Information Status variable in the generic user space header following the API call.

If the API is not attempting to continue from a previous call, this parameter must be set to blanks. Otherwise, a valid continuation value must be supplied. The value may be obtained from the list header section of the user space used in the previous call. When continuing, the first entry in the returned list is the entry that immediately follows the last entry returned in the previous call.

Error code

I/O; CHAR(*)

The structure in which to return error information. For the format of the structure, see Error code parameter.

Optional Parameter Group

Request list

INPUT; CHAR(*)

The list of objects that are to be returned. This parameter can return more information than would be returned if the returned objects parameter was specified. This parameter is ignored unless the value in the returned objects parameter is *REQLIST.

You can specify the following values:

Number of values in the list. - BINARY(4)
The number of values in the list of requests.
List of requests - ARRAY(*) of CHAR(10)
The values requested to return objects for a user.

The possible values are:
- *OBJAUT. - Returns the list of objects the user is authorized to.
- *OBJOWN. - Returns the list of objects the user owns.
- *OBJPGP. - Returns the list of objects the that the user is the primary group for.

User Space Variables

The following tables describe the order and format of the data returned in the user space. For detailed descriptions of the fields in the tables, see Field Descriptions. When you retrieve list entry information for formats OBJA0100, OBJA0200, or OBJA0300 you must use the entry size returned in the generic header to access list entries as the size of each entry may be padded at the end. If you do not use the entry size, the result may not be valid. When you retrieve list entry information for formats OBJA0110, OBJA0210, OBJA0310 you must use the offset to path name of the current entry + the length of path name of the current entry to access the next entry.

Input Parameter Section

Offset		Type	Field
Dec	Hex	Type	Field
0	0	CHAR(10)	User space name specified
10	0A	CHAR(10)	Library name specified
20	14	CHAR(8)	Format name
28	1C	CHAR(10)	User profile name specified
38	26	CHAR(10)	Object type
48	30	CHAR(10)	Returned objects
58	3A	CHAR(20)	Continuation handle
78	4E	BINARY(4)	Offset to the request list
82	52	BINARY(4)	Number of values in the request list
86	56	CHAR(*)	List of requests

Header Section

Offset		Type	Field
Dec	Hex	Type	Field
0	0	CHAR(10)	User profile name
10	0A	CHAR(20)	Continuation handle
30	1E	BINARY(4)	Reason code

OBJA0100 Format

Offset		Type	Field
Dec	Hex	Type	Field
0	0	CHAR(10)	Object name
10	0A	CHAR(10)	Library name
20	14	CHAR(10)	Object type
30	1E	CHAR(1)	Authority holder
31	1F	CHAR(1)	Ownership
32	20	CHAR(10)	ASP device name of library
42	2A	CHAR(10)	ASP device name of object

OBJA0110 Format

Offset		Type	Field
Dec	Hex	Type	Field
0	0	BINARY(4)	Offset to path name
4	4	BINARY(4)	Length of path name
8	8	CHAR(10)	Object type
18	12	CHAR(1)	Authority holder
19	13	CHAR(1)	Ownership
20	14	CHAR(10)	ASP device name of object
		CHAR(*)	Path name

OBJA0200 Format

Offset		Type	Field
Dec	Hex	Type	Field
0	0	CHAR(10)	Object name
10	0A	CHAR(10)	Library name
20	14	CHAR(10)	Object type
30	1E	CHAR(1)	Authority holder
31	1F	CHAR(1)	Ownership
32	20	CHAR(10)	Authority value
42	2A	CHAR(1)	Authorization list management
43	2B	CHAR(1)	Object operational
44	2C	CHAR(1)	Object management
45	2D	CHAR(1)	Object existence
46	2E	CHAR(1)	Data read
47	2F	CHAR(1)	Data add
48	30	CHAR(1)	Data update
49	31	CHAR(1)	Data delete
50	32	CHAR(1)	Data execute
60	3C	CHAR(10)	Reserved
61	3D	CHAR(1)	Object alter
62	3E	CHAR(1)	Object reference
63	3F	CHAR(10)	ASP device name of library
73	49	CHAR(10)	ASP device name of object

OBJA0210 Format

Offset		Type	Field
Dec	Hex	Type	Field
0	0	BINARY(4)	Offset to path name
4	4	BINARY(4)	Length of path name
8	8	CHAR(10)	Object type
18	12	CHAR(1)	Authority holder
19	13	CHAR(1)	Ownership
20	14	CHAR(10)	Authority value
30	1E	CHAR(1)	Authorization list management
31	1F	CHAR(1)	Object operational
32	20	CHAR(1)	Object management
33	21	CHAR(1)	Object existence
34	22	CHAR(1)	Object alter
35	23	CHAR(1)	Object reference
36	24	CHAR(10)	Reserved
46	2E	CHAR(1)	Data read
47	2F	CHAR(1)	Data add
48	30	CHAR(1)	Data update
49	31	CHAR(1)	Data delete
50	32	CHAR(1)	Data execute
51	33	CHAR(10)	ASP device name of object
		CHAR(*)	Path name

OBJA0300 Format

Offset		Type	Field
Dec	Hex	Type	Field
0	0	CHAR(10)	Object name
10	0A	CHAR(10)	Library name
20	14	CHAR(10)	Object type
30	1E	CHAR(1)	Authority holder
31	1F	CHAR(1)	Ownership
32	20	CHAR(10)	Authority value
42	2A	CHAR(1)	Authorization list management
43	2B	CHAR(1)	Object operational
44	2C	CHAR(1)	Object management
45	2D	CHAR(1)	Object existence
46	2E	CHAR(1)	Data read
47	2F	CHAR(1)	Data add
48	30	CHAR(1)	Data update
49	31	CHAR(1)	Data delete
50	32	CHAR(10)	Attribute
60	3C	CHAR(50)	Text description
110	6E	CHAR(1)	Data execute
111	78	CHAR(10)	Reserved
121	79	CHAR(1)	Object alter
122	7A	CHAR(1)	Object reference
123	7B	CHAR(10)	ASP device name of library
133	85	CHAR(10)	ASP device name of object

OBJA0310 Format

Offset		Type	Field
Dec	Hex	Type	Field
0	0	CHAR(10)	Offset to path name
4	4	BINARY(4)	Length of path name
8	8	CHAR(10)	Object type
18	12	CHAR(1)	Authority holder
19	13	CHAR(1)	Ownership
20	14	CHAR(10)	Authority value
30	1E	CHAR(1)	Authorization list management
31	1F	CHAR(1)	Object operational
32	20	CHAR(1)	Object management
33	21	CHAR(1)	Object existence
34	22	CHAR(1)	Object alter
35	23	CHAR(1)	Object reference
36	24	CHAR(10)	Reserved
46	2E	CHAR(1)	Data read
47	2F	CHAR(1)	Data add
48	30	CHAR(1)	Data update
49	31	CHAR(1)	Data delete
50	32	CHAR(1)	Data execute
51	33	CHAR(10)	Reserved
61	3D	CHAR(10)	Attribute
71	47	CHAR(50)	Text description
121	79	CHAR(10)	ASP device name of object
		CHAR(*)	Path name

Field Descriptions

ASP device name of library. The auxiliary storage pool (ASP) device name where the object's library is stored. If the object's library is in the system ASP or one of the basic user ASPs, this field contains *SYSBAS.

ASP device name of object. The auxiliary storage pool (ASP) device name where the object is stored. If the object is in the system ASP or one of the basic user ASPs, this field contains *SYSBAS.

Attribute. The object's attribute.

Authority holder. Whether the object is an authority holder. If the object is an authority holder, this field is Y. If not, this field is N.

Authority value. The special value indicating the user's authority to the object.

This field contains one of the following values:

*ALL	The user has all object (operational, management, existence, alter and reference) and data (read, add, update, delete, and execute) authorities to the object.
*CHANGE	The user has object operational and all data authorities to the object.
*USE	The user has object operational and data read and execute authorities to the object.
*EXCLUDE	The user has none of the object or data authorities to the object, or authorization list management authority.
USER DEF	The user has some combination of object and data authorities that do not relate to a special value. The individual authorities for the user should be checked to determine what authority the user has to the object. This value is returned if the user owns an object and all authority for the user to the object has been removed. If this happens, all individual authority fields are set to N.

Authorization list management. Whether the user has authorization list management authority to the object. If the user has the authority, this field is Y. If not, this field is N. This field is only valid if the object type is *AUTL.

Continuation handle (header section). A continuation point for the API. This value is set based on the contents of the Information Status variable in the generic header for the user space.

The following situations can occur:

Information status-C. The information returned in the user space is valid and complete. No continuation is necessary and the continuation handle is set to blanks.
Information status-P. The information returned in the user space is valid but incomplete. The user may call the API again, picking up where the last call ended. The continuation handle contains a value, that may be supplied as an input parameter in later calls.
Information status-I. The information returned in the user space is not valid or complete. The contents of the continuation handle are unpredictable.

Continuation handle (input section). The handle used to continue from a previous call to this API that resulted in partially complete information.

Data add. Whether the user has this authority to the object. If the user has the authority, this field is Y. If not, this field is N.

Data delete. Whether the user has this authority to the object. If the user has the authority, this field is Y. If not, this field is N.

Data execute. Whether the user has this authority to the object. If the user has the authority, this field is Y. If not, this field is N.

Data read. Whether the user has this authority to the object. If the user has the authority, this field is Y. If not, this field is N.

Data update. Whether the user has this authority to the object. If the user has the authority, this field is Y. If not, this field is N.

Format name. The name of the format used to list objects the user is authorized to or owns.

Length of path name. The length, in bytes, of the path name.

Library name. The name of the library containing the user space or object.

Library name specified. The name of the library that will contain the user space or object.

List of requests. The list of values requested in the list of requests parameter.

Number of values in the request list. The number of values that were specified in the list of requests.

Object alter. Whether the user has this authority to the object. If the user has the authority, this field is Y. If not, this field is N.

Object existence. Whether the user has this authority to the object. If the user has the authority, this field is Y. If not, this field is N.

Object management. Whether the user has this authority to the object. If the user has the authority, this field is Y. If not, this field is N.

Object name. The name of the object the user is authorized to, owns, or is the primary group for.

Object operational. Whether the user has this authority to the object. If the user has the authority, this field is Y. If not, this field is N.

Object reference. Whether the user has this authority to the object. If the user has the authority, this field is Y. If not, this field is N.

Object type. Possible values are:

Input Section	The type of object for which the list of authorized, owned, or primary group objects is returned.
List Section	The type of object the user is authorized to, owns, or is the primary group of.

Offset to path name. The offset in the user space to the start of the path name.

Offset to the request list. The offset to the specified list of requests.

Ownership. Whether the user owns the object or is the primary group for the object. If the user owns the object, this field is Y. If the user is the primary group for the object, this field is G. Otherwise, this field is N.

Path name. The path name of the object the user owns, is authorized to, or is the primary group for.

The structure of the path name returned is:

Description	Type
CCSID of the returned path name	Binary(4)
Country or region ID	Char(2)
Language ID	Char(3)
Reserved field	Char(3)
Flag byte	Binary(4)
Number of bytes in the path name	Binary(4)
Path delimiter	Char(2)
Reserved field	Char(10)
Path name value	Char(*)

Primary group. The name of the user who is the primary group for the authorization list or object. If there is no primary group for the authorization list or object, this field will contain a value of *NONE.

Reason code. The reason code describing why the returned list is only a subset. The following values can be returned:

Reason code 0000. The list returned in the user space contains all objects meeting the search criteria.
Reason code 0001. Objects were found that meet the search criteria but could not be included in the returned list. The requested format could not handle path names for directory objects.
Reason code 0002. Objects were found that meet the search criteria but could not be included in the returned list. The requested format could not handle objects found in library QSYS.
Reason code 0003. Directory objects were found but did not have links to them.

Reserved. An ignored field.

Returned objects. The objects that are returned.

Text description. The text description of the object.

User profile name. The user name used to return the list of objects.

User profile name specified. The user name for which the list of objects is returned.

User space name. The name of the user space used to return the list of objects.

User space name specified. The name of the user space in which the list of objects is returned.

Error Messages

Message ID	Error Message Text
CPF22FC E	Value &1 not valid when specifying objects to be returned by API &2.
CPF22FD E	Continuation handle not valid for API &1.
CPF2204 E	User profile &1 not found.
CPF2213 E	Not able to allocate user profile &1.
CPF2217 E	Not authorized to user profile &1.
CPF222A E	Value &1 not valid when specifying a list of requests for API &2.
CPF222B E	The requested list parameter is not specified for API &1.
CPF222C E	&1 is not valid for the number of requested list values for API &2.
CPF3CF1 E	Error code parameter not valid.
CPF3C21 E	Format name &1 is not valid.
CPF3C31 E	Object type &1 is not valid.
CPF3C90 E	Literal value cannot be changed.
CPF9801 E	Object &2 in library &3 not found.
CPF9802 E	Not authorized to object &2 in &3.
CPF9803 E	Cannot allocate object &2 in library &3.
CPF9807 E	One or more libraries in library list deleted.
CPF9808 E	Cannot allocate one or more libraries on library list.
CPF9810 E	Library &1 not found.
CPF9820 E	Not authorized to use library &1.
CPF9830 E	Cannot assign library &1.
CPF9872 E	Program or service program &1 in library &2 ended. Reason code &3.

API introduced: V2R2

[ Back to top | Security APIs | APIs by category ]