Change Object Owner (CHGOBJOWN)

Where allowed to run: All environments (*ALL)
Threadsafe: No

The Change Object Owner (CHGOBJOWN) command transfers object ownership from one user to another. The authorities that other users have to the object are not changed.

The owner of an object always has all the authorities applicable to the object unless they are explicitly revoked. The owner of an object has the authority to grant any authorities to any user for that object. Owners can also grant to themselves authorities that were previously revoked. Owners may, for example, remove some of their specific authorities as a precautionary measure, and then, when the need arises, grant those same authorities to themselves again.

A user with *ALLOBJ special authority or a user authorized to the Database Security Administrator function of IBM i has complete authority for all objects and can transfer the ownership of any object. The Change Function Usage (CHGFCNUSG) command, with a function ID of QIBM_DB_SECADM, can be used to change the list of authorized users. Note: If a user has a usage setting of *DENIED or does not have a usage setting then the user's object authorities will be used.

All users have add and delete authorities for their own user profiles; that is, users can add objects to or delete objects (that they created) from their own user profiles by transferring the ownership of the object.

Restrictions:

To transfer ownership, any user (including the object's present owner) must have:
- Object existence (*OBJEXIST) authority for the object (except authorization list)
- Object operational (*OBJOPR) and *OBJEXIST authorities if the object is a file, library, or subsystem description
- All object (*ALLOBJ) special authority or ownership if the object is an authorization list
- Add (*ADD) authority for the new owner's user profile
- Delete (*DLT) authority for the present owner's user profile
- All object (*ALLOBJ) and security administrator (*SECADM) special authorities to change the object owner of a program or an SQL (Structured Query Language) package that adopts its owner's authority.
- Use (*USE) authority to the auxiliary storage pool device if one is specified.
For display stations, if this command is not run from the device whose ownership is to be changed or whose message queue's ownership is to be changed, this command should be preceded by the Allocate Object (ALCOBJ) command and followed by the Deallocate Object (DLCOBJ) command.
Object type *DOC or *FLR cannot be specified; the user must use DLO (document interchange) support.
Changing the ownership of an object that has an authority holder associated with it also changes the ownership of the authority holder.

Top

Parameters

Keyword	Description	Choices	Notes
OBJ	Object	Qualified object name	Required, Positional 1
	Qualifier 1: Object	Name
	Qualifier 2: Library	Name, LIBL, CURLIB
OBJTYPE	Object type	ALRTBL, AUTL, BNDDIR, CFGL, CHTFMT, CLD, CLS, CMD, CNNL, COSD, CRG, CRQD, CSI, CSPMAP, CSPTBL, CTLD, DEVD, DTAARA, DTADCT, DTAQ, EDTD, FCT, FILE, FNTRSC, FNTTBL, FORMDF, FTR, GSS, IGCDCT, IGCSRT, IMGCLG, IPXD, JOBD, JOBQ, JRN, JRNRCV, LIB, LIND, LOCALE, M36, M36CFG, MEDDFN, MENU, MGTCOL, MODD, MODULE, MSGF, MSGQ, NODGRP, NODL, NTBD, NWID, NWSCFG, NWSD, OUTQ, OVL, PAGDFN, PAGSEG, PDFMAP, PDG, PGM, PNLGRP, PRDAVL, PRDDFN, PRDLOD, PSFCFG, QMFORM, QMQRY, QRYDFN, RCT, S36, SBSD, SCHIDX, SPADCT, SQLPKG, SQLUDT, SQLXSR, SRVPGM, SSND, SVRSTG, TBL, TIMZON, USRIDX, USRPRF, USRQ, USRSPC, VLDL, WSCST	Required, Positional 2
ASPDEV	ASP device	Name, , SYSBAS	Optional
NEWOWN	New owner	Name	Required, Positional 3
CUROWNAUT	Current owner authority	REVOKE, SAME	Optional

Top

Object (OBJ)

Specifies the object that is to be assigned to a new owner.

This is a required parameter.

Note: A library name can be specified to ensure that the correct object changes ownership.

Qualifier 1: Object

name: Specify the name of the object whose ownership is to be changed.

Qualifier 2: Library

*LIBL: All libraries in the library list for the current thread are searched until the first match is found.
*CURLIB: The current library for the thread is searched. If no library is specified as the current library for the thread, the QGPL library is used.
name: Specify the name of the library to be searched.

Top

Object type (OBJTYPE)

Specifies the object type of the object whose ownership is to be changed.

For more information, refer to the OBJTYPE parameter description in "Commonly used parameters: Expanded descriptions" in CL topic collection in the Programming category in the IBM i Information Center at http://www.ibm.com/systems/i/infocenter/.

This is a required parameter.

object-type: Specify the object type of the object for which ownership is to be changed.

Top

ASP device (ASPDEV)

Specifies the auxiliary storage pool (ASP) device name where the library that contains the object (OBJ parameter) is located. If the object's library resides in an ASP that is not part of the library name space associated with the job, this parameter must be specified to ensure the correct object is used as the target of this command's operation.

*: The ASPs that are currently part of the job's library name space will be searched to locate the object. This includes the system ASP (ASP number 1), all defined basic user ASPs (ASP numbers 2-32), and, if the job has an ASP group, all independent ASPs in the ASP group.
*SYSBAS: The system ASP and all basic user ASPs will be searched to locate the object. No independent ASPs will be searched, even if the job has an ASP group.
name: Specify the device name of the independent ASP to be searched to locate the object. The independent ASP must have been activated (by varying on the ASP device) and have a status of AVAILABLE. The system ASP and basic user ASPs will not be searched.

Top

New owner (NEWOWN)

Specifies the user profile of the new owner for the object. The user profile must exist when this command is run.

This is a required parameter.

name: Specify the name of the user profile.

Top

Current owner authority (CUROWNAUT)

Specifies whether the authorities for the current owner are revoked when ownership is changed.

*REVOKE: The authority of the current owner is revoked when the object ownership is changed to the new owner.
*SAME: The current owner's authority is retained as a private authority to the object.

Top

Examples

CHGOBJOWN   OBJ(USERLIB/PROGRAM1)  OBJTYPE(*PGM)  NEWOWN(ANN)

This command assigns ownership of the program named PROGRAM1, located in the user library named USERLIB, to the user named ANN. The authority is revoked from the current owner.

Top

Error messages

*ESCAPE Messages

CPF0609: Not allowed to use specified user profile.
CPF22BD: Ownership may not have been changed for object &1 in &3 type *&2.
CPF22BE: Function not done for user profile &1.
CPF22DA: Operation on file &1 in &2 not allowed.
CPF220A: New owner &1 does not have a uid.
CPF220C: Owner and primary group cannot be the same.
CPF2204: User profile &1 not found.
CPF2207: Not authorized to use object &1 in library &3 type *&2.
CPF2208: Object &1 in library &3 type *&2 not found.
CPF2209: Library &1 not found.
CPF2210: Operation not allowed for object type *&1.
CPF2211: Not able to allocate object &1 in &3 type *&2.
CPF2213: Not able to allocate user profile &1.
CPF2216: Not authorized to use library &1.
CPF2217: Not authorized to user profile &1.
CPF2222: Storage limit is greater than specified for user profile &1.
CPF2226: Function not done for user profile &1.
CPF2230: Not authorized to object &1 in library &3.
CPF2231: Not authorized to change ownership for program &1.
CPF2232: Not authorized to user profile &1.
CPF2233: No delete authority to user profile &1.
CPF2298: Authority not revoked for object &2 in &3 from user &1.
CPF4AC0: Owner cannot be changed to &1 for object &2 in &3 type *&4.

Top