List Objects User Is Authorized to, Owns, or Is Primary Group of (QSYLOBJA) API
Required Parameter Group:
| 1 | Qualified user space name | Input | Char(20) |
| 2 | Format name | Input | Char(8) |
| 3 | User profile name | Input | Char(10) |
| 4 | Object type | Input | Char(10) |
| 5 | Returned objects | Input | Char(10) |
| 6 | Continuation handle | Input | Char(20) |
| 7 | Error code | I/O | Char(*) |
Optional Parameter Group:
| 8 | Request list | Input | Char(*) |
Default Public Authority: *USE
Threadsafe: Yes
The List Objects a User is Authorized to, Owns, or Is Primary Group of (QSYLOBJA) API puts a list of objects a user is authorized to, owns, or is the primary group owner for into a user space. The list of authorized objects only includes objects the user is specifically authorized to. The list does not include objects the user is authorized to because:
- The user is part of a group that is authorized
- The user can access the object using the public authority
- The object is secured with an authorization list the user is authorized to
- The user can access the object using adopted authority
This API provides information similar to that provided by the Display User Profile (DSPUSRPRF) command when specifying *OBJAUT, *OBJOWN, or *OBJPGP for the type parameter.
Authorities and Locks
- User Space Authority
- *CHANGE
- Authority to Library Containing User Space
- *EXECUTE
- User Profile Authority
- *READ
Required Parameter Group
- Qualified user space name
- INPUT; CHAR(20)
The name of the existing user space used to return the list of objects a user is authorized to, owns, or is the primary group for. The first 10 characters specify the user space name, and the second 10 characters specify the library.
You can use these special values for the library name:
*CURLIB The current library is used to locate the user space. If there is no current library, QGPL (general purpose library) is used. *LIBL The library list is used to locate the user space.
- Format name
- INPUT; CHAR(8)
The name of the format used to list objects the owner is authorized to, owns, or is the primary group for.
You can specify these formats:
OBJA0100 Each entry contains the object name, library, type, authority holder indicator, ownership indicator, auxiliary storage pool (ASP) device name of library, and ASP device name of object. OBJA0110 This format only returns path names for objects in a directory. Each entry contains the offset to the path name, the length of the path name, type, authority holder indicator, ownership indicator, ASP device name of object, and the path name value. OBJA0200 Each entry contains the same information as format OBJA0100 plus the authority values. OBJA0210 This format only returns path names for objects in a directory. Each entry contains the same information as format OBJA0110 plus the authority values. OBJA0300 Each entry contains the same information as format OBJA0200 plus the object attribute and descriptive text. OBJA0310 This format only returns path names for objects in a directory. Each entry contains the same information as format OBJA0210 plus the attribute and descriptive text.
- User profile name
- INPUT; CHAR(10)
The user name for which the list of objects is being returned.
You can specify the following special value:
*CURRENT The list of objects that the user currently running is authorized to, owns, or is the primary group for is returned. If *CURRENT is used, the name of the current user is returned in the list header section of the user space.
- Object type
- INPUT; CHAR(10)
The type of object the list of objects is returned for.
You can specify the following special value:
*ALL Return entries of all object types.
- Returned objects
- INPUT; CHAR(10)
The objects that are returned.
You can specify the following special values:
*OBJAUT The list of objects the user is authorized to is returned. *OBJOWN The list of objects the user owns is returned. *BOTH The list of objects the user is authorized to and owns is returned. The list of owned objects precedes the list of authorized objects. *REQLIST The values specified in the request list parameter is used.
- Continuation handle
- INPUT; CHAR(20)
The handle used to continue from a previous call to this API that resulted in partially complete information. You can determine if a previous call resulted in partially complete information by checking the Information Status variable in the generic user space header following the API call.
If the API is not attempting to continue from a previous call, this parameter must be set to blanks. Otherwise, a valid continuation value must be supplied. The value may be obtained from the list header section of the user space used in the previous call. When continuing, the first entry in the returned list is the entry that immediately follows the last entry returned in the previous call.
- Error code
- I/O; CHAR(*)
The structure in which to return error information. For the format of the structure, see Error code parameter.
Optional Parameter Group
- Request list
- INPUT; CHAR(*)
The list of objects that are to be returned. This parameter can return more information than would be returned if the returned objects parameter was specified. This parameter is ignored unless the value in the returned objects parameter is *REQLIST.
You can specify the following values:
-
Number of values in the list. - BINARY(4)
The number of values in the list of requests.
-
List of requests - ARRAY(*) of CHAR(10)
The values requested to return objects for a user.
The possible values are:
- *OBJAUT. - Returns the list of objects the user is authorized to.
- *OBJOWN. - Returns the list of objects the user owns.
- *OBJPGP. - Returns the list of objects the that the user is the primary group for.
-
Number of values in the list. - BINARY(4)
User Space Variables
The following tables describe the order and format of the data returned in the user space. For detailed descriptions of the fields in the tables, see Field Descriptions. When you retrieve list entry information for formats OBJA0100, OBJA0200, or OBJA0300 you must use the entry size returned in the generic header to access list entries as the size of each entry may be padded at the end. If you do not use the entry size, the result may not be valid. When you retrieve list entry information for formats OBJA0110, OBJA0210, OBJA0310 you must use the offset to path name of the current entry + the length of path name of the current entry to access the next entry.
Input Parameter Section
| Offset | Type | Field | |
|---|---|---|---|
| Dec | Hex | ||
| 0 | 0 | CHAR(10) | User space name specified |
| 10 | 0A | CHAR(10) | Library name specified |
| 20 | 14 | CHAR(8) | Format name |
| 28 | 1C | CHAR(10) | User profile name specified |
| 38 | 26 | CHAR(10) | Object type |
| 48 | 30 | CHAR(10) | Returned objects |
| 58 | 3A | CHAR(20) | Continuation handle |
| 78 | 4E | BINARY(4) | Offset to the request list |
| 82 | 52 | BINARY(4) | Number of values in the request list |
| 86 | 56 | CHAR(*) | List of requests |
Header Section
| Offset | Type | Field | |
|---|---|---|---|
| Dec | Hex | ||
| 0 | 0 | CHAR(10) | User profile name |
| 10 | 0A | CHAR(20) | Continuation handle |
| 30 | 1E | BINARY(4) | Reason code |
OBJA0100 Format
| Offset | Type | Field | |
|---|---|---|---|
| Dec | Hex | ||
| 0 | 0 | CHAR(10) | Object name |
| 10 | 0A | CHAR(10) | Library name |
| 20 | 14 | CHAR(10) | Object type |
| 30 | 1E | CHAR(1) | Authority holder |
| 31 | 1F | CHAR(1) | Ownership |
| 32 | 20 | CHAR(10) | ASP device name of library |
| 42 | 2A | CHAR(10) | ASP device name of object |
OBJA0110 Format
| Offset | Type | Field | |
|---|---|---|---|
| Dec | Hex | ||
| 0 | 0 | BINARY(4) | Offset to path name |
| 4 | 4 | BINARY(4) | Length of path name |
| 8 | 8 | CHAR(10) | Object type |
| 18 | 12 | CHAR(1) | Authority holder |
| 19 | 13 | CHAR(1) | Ownership |
| 20 | 14 | CHAR(10) | ASP device name of object |
| CHAR(*) | Path name | ||
OBJA0200 Format
| Offset | Type | Field | |
|---|---|---|---|
| Dec | Hex | ||
| 0 | 0 | CHAR(10) | Object name |
| 10 | 0A | CHAR(10) | Library name |
| 20 | 14 | CHAR(10) | Object type |
| 30 | 1E | CHAR(1) | Authority holder |
| 31 | 1F | CHAR(1) | Ownership |
| 32 | 20 | CHAR(10) | Authority value |
| 42 | 2A | CHAR(1) | Authorization list management |
| 43 | 2B | CHAR(1) | Object operational |
| 44 | 2C | CHAR(1) | Object management |
| 45 | 2D | CHAR(1) | Object existence |
| 46 | 2E | CHAR(1) | Data read |
| 47 | 2F | CHAR(1) | Data add |
| 48 | 30 | CHAR(1) | Data update |
| 49 | 31 | CHAR(1) | Data delete |
| 50 | 32 | CHAR(1) | Data execute |
| 60 | 3C | CHAR(10) | Reserved |
| 61 | 3D | CHAR(1) | Object alter |
| 62 | 3E | CHAR(1) | Object reference |
| 63 | 3F | CHAR(10) | ASP device name of library |
| 73 | 49 | CHAR(10) | ASP device name of object |
OBJA0210 Format
| Offset | Type | Field | |
|---|---|---|---|
| Dec | Hex | ||
| 0 | 0 | BINARY(4) | Offset to path name |
| 4 | 4 | BINARY(4) | Length of path name |
| 8 | 8 | CHAR(10) | Object type |
| 18 | 12 | CHAR(1) | Authority holder |
| 19 | 13 | CHAR(1) | Ownership |
| 20 | 14 | CHAR(10) | Authority value |
| 30 | 1E | CHAR(1) | Authorization list management |
| 31 | 1F | CHAR(1) | Object operational |
| 32 | 20 | CHAR(1) | Object management |
| 33 | 21 | CHAR(1) | Object existence |
| 34 | 22 | CHAR(1) | Object alter |
| 35 | 23 | CHAR(1) | Object reference |
| 36 | 24 | CHAR(10) | Reserved |
| 46 | 2E | CHAR(1) | Data read |
| 47 | 2F | CHAR(1) | Data add |
| 48 | 30 | CHAR(1) | Data update |
| 49 | 31 | CHAR(1) | Data delete |
| 50 | 32 | CHAR(1) | Data execute |
| 51 | 33 | CHAR(10) | ASP device name of object |
| CHAR(*) | Path name | ||
OBJA0300 Format
| Offset | Type | Field | |
|---|---|---|---|
| Dec | Hex | ||
| 0 | 0 | CHAR(10) | Object name |
| 10 | 0A | CHAR(10) | Library name |
| 20 | 14 | CHAR(10) | Object type |
| 30 | 1E | CHAR(1) | Authority holder |
| 31 | 1F | CHAR(1) | Ownership |
| 32 | 20 | CHAR(10) | Authority value |
| 42 | 2A | CHAR(1) | Authorization list management |
| 43 | 2B | CHAR(1) | Object operational |
| 44 | 2C | CHAR(1) | Object management |
| 45 | 2D | CHAR(1) | Object existence |
| 46 | 2E | CHAR(1) | Data read |
| 47 | 2F | CHAR(1) | Data add |
| 48 | 30 | CHAR(1) | Data update |
| 49 | 31 | CHAR(1) | Data delete |
| 50 | 32 | CHAR(10) | Attribute |
| 60 | 3C | CHAR(50) | Text description |
| 110 | 6E | CHAR(1) | Data execute |
| 111 | 78 | CHAR(10) | Reserved |
| 121 | 79 | CHAR(1) | Object alter |
| 122 | 7A | CHAR(1) | Object reference |
| 123 | 7B | CHAR(10) | ASP device name of library |
| 133 | 85 | CHAR(10) | ASP device name of object |
OBJA0310 Format
| Offset | Type | Field | |
|---|---|---|---|
| Dec | Hex | ||
| 0 | 0 | CHAR(10) | Offset to path name |
| 4 | 4 | BINARY(4) | Length of path name |
| 8 | 8 | CHAR(10) | Object type |
| 18 | 12 | CHAR(1) | Authority holder |
| 19 | 13 | CHAR(1) | Ownership |
| 20 | 14 | CHAR(10) | Authority value |
| 30 | 1E | CHAR(1) | Authorization list management |
| 31 | 1F | CHAR(1) | Object operational |
| 32 | 20 | CHAR(1) | Object management |
| 33 | 21 | CHAR(1) | Object existence |
| 34 | 22 | CHAR(1) | Object alter |
| 35 | 23 | CHAR(1) | Object reference |
| 36 | 24 | CHAR(10) | Reserved |
| 46 | 2E | CHAR(1) | Data read |
| 47 | 2F | CHAR(1) | Data add |
| 48 | 30 | CHAR(1) | Data update |
| 49 | 31 | CHAR(1) | Data delete |
| 50 | 32 | CHAR(1) | Data execute |
| 51 | 33 | CHAR(10) | Reserved |
| 61 | 3D | CHAR(10) | Attribute |
| 71 | 47 | CHAR(50) | Text description |
| 121 | 79 | CHAR(10) | ASP device name of object |
| CHAR(*) | Path name | ||
Field Descriptions
ASP device name of library. The auxiliary storage pool (ASP) device name where the object's library is stored. If the object's library is in the system ASP or one of the basic user ASPs, this field contains *SYSBAS.
ASP device name of object. The auxiliary storage pool (ASP) device name where the object is stored. If the object is in the system ASP or one of the basic user ASPs, this field contains *SYSBAS.
Attribute. The object's attribute.
Authority holder. Whether the object is an authority holder. If the object is an authority holder, this field is Y. If not, this field is N.
Authority value. The special value indicating the user's authority to the object.
This field contains one of the following values:
| *ALL | The user has all object (operational, management, existence, alter and reference) and data (read, add, update, delete, and execute) authorities to the object. |
| *CHANGE | The user has object operational and all data authorities to the object. |
| *USE | The user has object operational and data read and execute authorities to the object. |
| *EXCLUDE | The user has none of the object or data authorities to the object, or authorization list management authority. |
| USER DEF | The user has some combination of object and data authorities that do not relate to a special value. The individual authorities for the user should be checked to determine what authority the user has to the object. This value is returned if the user owns an object and all authority for the user to the object has been removed. If this happens, all individual authority fields are set to N. |
Authorization list management. Whether the user has authorization list management authority to the object. If the user has the authority, this field is Y. If not, this field is N. This field is only valid if the object type is *AUTL.
Continuation handle (header section). A continuation point for the API. This value is set based on the contents of the Information Status variable in the generic header for the user space.
The following situations can occur:
- Information status-C. The information returned in the user space is valid and complete. No continuation is necessary and the continuation handle is set to blanks.
- Information status-P. The information returned in the user space is valid but incomplete. The user may call the API again, picking up where the last call ended. The continuation handle contains a value, that may be supplied as an input parameter in later calls.
- Information status-I. The information returned in the user space is not valid or complete. The contents of the continuation handle are unpredictable.
Continuation handle (input section). The handle used to continue from a previous call to this API that resulted in partially complete information.
Data add. Whether the user has this authority to the object. If the user has the authority, this field is Y. If not, this field is N.
Data delete. Whether the user has this authority to the object. If the user has the authority, this field is Y. If not, this field is N.
Data execute. Whether the user has this authority to the object. If the user has the authority, this field is Y. If not, this field is N.
Data read. Whether the user has this authority to the object. If the user has the authority, this field is Y. If not, this field is N.
Data update. Whether the user has this authority to the object. If the user has the authority, this field is Y. If not, this field is N.
Format name. The name of the format used to list objects the user is authorized to or owns.
Length of path name. The length, in bytes, of the path name.
Library name. The name of the library containing the user space or object.
Library name specified. The name of the library that will contain the user space or object.
List of requests. The list of values requested in the list of requests parameter.
Number of values in the request list. The number of values that were specified in the list of requests.
Object alter. Whether the user has this authority to the object. If the user has the authority, this field is Y. If not, this field is N.
Object existence. Whether the user has this authority to the object. If the user has the authority, this field is Y. If not, this field is N.
Object management. Whether the user has this authority to the object. If the user has the authority, this field is Y. If not, this field is N.
Object name. The name of the object the user is authorized to, owns, or is the primary group for.
Object operational. Whether the user has this authority to the object. If the user has the authority, this field is Y. If not, this field is N.
Object reference. Whether the user has this authority to the object. If the user has the authority, this field is Y. If not, this field is N.
Object type. Possible values are:
| Input Section | The type of object for which the list of authorized, owned, or primary group objects is returned. |
| List Section | The type of object the user is authorized to, owns, or is the primary group of. |
Offset to path name. The offset in the user space to the start of the path name.
Offset to the request list. The offset to the specified list of requests.
Ownership. Whether the user owns the object or is the primary group for the object. If the user owns the object, this field is Y. If the user is the primary group for the object, this field is G. Otherwise, this field is N.
Path name. The path name of the object the user owns, is authorized to, or is the primary group for.
The structure of the path name returned is:
| Description | Type |
|---|---|
| CCSID of the returned path name | Binary(4) |
| Country or region ID | Char(2) |
| Language ID | Char(3) |
| Reserved field | Char(3) |
| Flag byte | Binary(4) |
| Number of bytes in the path name | Binary(4) |
| Path delimiter | Char(2) |
| Reserved field | Char(10) |
| Path name value | Char(*) |
Primary group. The name of the user who is the primary group for the authorization list or object. If there is no primary group for the authorization list or object, this field will contain a value of *NONE.
Reason code. The reason code describing why the returned list is only a subset. The following values can be returned:
- Reason code 0000. The list returned in the user space contains all objects meeting the search criteria.
- Reason code 0001. Objects were found that meet the search criteria but could not be included in the returned list. The requested format could not handle path names for directory objects.
- Reason code 0002. Objects were found that meet the search criteria but could not be included in the returned list. The requested format could not handle objects found in library QSYS.
- Reason code 0003. Directory objects were found but did not have links to them.
Reserved. An ignored field.
Returned objects. The objects that are returned.
Text description. The text description of the object.
User profile name. The user name used to return the list of objects.
User profile name specified. The user name for which the list of objects is returned.
User space name. The name of the user space used to return the list of objects.
User space name specified. The name of the user space in which the list of objects is returned.
Error Messages
| Message ID | Error Message Text |
|---|---|
| CPF22FC E | Value &1 not valid when specifying objects to be returned by API &2. |
| CPF22FD E | Continuation handle not valid for API &1. |
| CPF2204 E | User profile &1 not found. |
| CPF2213 E | Not able to allocate user profile &1. |
| CPF2217 E | Not authorized to user profile &1. |
| CPF222A E | Value &1 not valid when specifying a list of requests for API &2. |
| CPF222B E | The requested list parameter is not specified for API &1. |
| CPF222C E | &1 is not valid for the number of requested list values for API &2. |
| CPF3CF1 E | Error code parameter not valid. |
| CPF3C21 E | Format name &1 is not valid. |
| CPF3C31 E | Object type &1 is not valid. |
| CPF3C90 E | Literal value cannot be changed. |
| CPF9801 E | Object &2 in library &3 not found. |
| CPF9802 E | Not authorized to object &2 in &3. |
| CPF9803 E | Cannot allocate object &2 in library &3. |
| CPF9807 E | One or more libraries in library list deleted. |
| CPF9808 E | Cannot allocate one or more libraries on library list. |
| CPF9810 E | Library &1 not found. |
| CPF9820 E | Not authorized to use library &1. |
| CPF9830 E | Cannot assign library &1. |
| CPF9872 E | Program or service program &1 in library &2 ended. Reason code &3. |
API introduced: V2R2
[ Back to top | Security APIs | APIs by category ]