Change Object Primary Group (CHGOBJPGP)
| Where allowed to run: All environments (*ALL) Threadsafe: No |
Parameters Examples Error messages |
The Change Object Primary Group (CHGOBJPGP) command changes the object's primary group from one user to another. The owner's and other users' private authorities to the object do not change.
A user with *ALLOBJ special authority or a user authorized to the Database Security Administrator function of IBM i has complete authority for all objects and can transfer the primary group of any object. The Change Function Usage (CHGFCNUSG) command, with a function ID of QIBM_DB_SECADM, can be used to change the list of authorized users. Note: If a user has a usage setting of *DENIED or does not have a usage setting then the user's object authorities will be used.
Restrictions:
- To change the primary group, you must have the following:
- Object existence (*OBJEXIST) authority for the object
- Object operational (*OBJOPR) and *OBJEXIST authorities if the object is a file, library, or subsystem description
- All object (*ALLOBJ) special authority, or ownership, if the object is an authorization list
- Object management (*OBJMGT) authority for the object, if revoking the authority for the old primary group
- *OBJMGT authority for the object and the authorities to be given, if a value other than *PRIVATE is specified for the PGPAUT parameter
- Use (*USE) authority to the auxiliary storage pool device if one is specified.
- Object type *DOC or *FLR cannot be specified; the user must use DLO support
- The new primary group user cannot be the owner of the object
- The new primary group user must have a group ID number (gid)
| Top |
Parameters
| Keyword | Description | Choices | Notes |
|---|---|---|---|
| OBJ | Object | Qualified object name | Required, Positional 1 |
| Qualifier 1: Object | Name | ||
| Qualifier 2: Library | Name, *LIBL, *CURLIB | ||
| OBJTYPE | Object type | *ALRTBL, *AUTL, *BNDDIR, *CFGL, *CHTFMT, *CLD, *CLS, *CMD, *CNNL, *COSD, *CRG, *CRQD, *CSI, *CSPMAP, *CSPTBL, *CTLD, *DEVD, *DTAARA, *DTADCT, *DTAQ, *EDTD, *FCT, *FILE, *FNTRSC, *FNTTBL, *FORMDF, *FTR, *GSS, *IGCDCT, *IMGCLG, *IPXD, *JOBD, *JOBQ, *JRN, *JRNRCV, *LIB, *LIND, *LOCALE, *M36, *M36CFG, *MEDDFN, *MENU, *MGTCOL, *MODD, *MODULE, *MSGF, *MSGQ, *NODGRP, *NODL, *NTBD, *NWID, *NWSCFG, *NWSD, *ORTBL, *OUTQ, *OVL, *PAGDFN, *PAGSEG, *PDFMAP, *PDG, *PGM, *PNLGRP, *PRDAVL, *PRDDFN, *PRDLOD, *PSFCFG, *QMFORM, *QMQRY, *QRYDFN, *RCT, *S36, *SBSD, *SCHIDX, *SPADCT, *SQLPKG, *SQLUDT, *SQLXSR, *SRVPGM, *SSND, *SVRSTG, *TBL, *TIMZON, *USRIDX, *USRPRF, *USRQ, *USRSPC, *VLDL, *WSCST | Required, Positional 2 |
| ASPDEV | ASP device | Name, *, *SYSBAS | Optional |
| NEWPGP | New primary group | Name, *NONE | Required, Positional 3 |
| PGPAUT | New primary group authority | *OLDPGP, *PRIVATE, *ALL, *CHANGE, *USE, *EXCLUDE | Optional |
| RVKOLDAUT | Revoke old authority | *YES, *NO | Optional |
| Top |
Object (OBJ)
Specifies the object that is to have its primary group changed.
This is a required parameter.
Note: A library name can be specified to ensure that the correct object has its primary group changed.
- name
- Specify the name of the object that is to have its primary group changed to another user.
Qualifier 2: Library
- *LIBL
- All libraries in the library list for the current thread are searched until the first match is found.
- *CURLIB
- The current library for the thread is searched. If no library is specified as the current library for the thread, the QGPL library is used.
- name
- Specify the name of the library to be searched.
| Top |
Object type (OBJTYPE)
Specifies the object type of the object whose primary group is to be changed. For more information, refer to the OBJTYPE parameter description in "Commonly used parameters: Expanded descriptions" in CL topic collection in the Programming category in the IBM i Information Center at http://www.ibm.com/systems/i/infocenter/.
This is a required parameter.
- object-type
- Specify the object type of the object to be changed.
| Top |
ASP device (ASPDEV)
Specifies the auxiliary storage pool (ASP) device name where the library that contains the object (OBJ parameter) is located. If the object's library resides in an ASP that is not part of the library name space associated with the job, this parameter must be specified to ensure the correct object is used as the target of this command's operation.
- *
- The ASPs that are currently part of the job's library name space will be searched to locate the object. This includes the system ASP (ASP number 1), all defined basic user ASPs (ASP numbers 2-32), and, if the job has an ASP group, all independent ASPs in the ASP group.
- *SYSBAS
- The system ASP and all basic user ASPs will be searched to locate the object. No independent ASPs will be searched, even if the job has an ASP group.
- name
- Specify the device name of the independent ASP to be searched to locate the object. The independent ASP must have been activated (by varying on the ASP device) and have a status of AVAILABLE. The system ASP and basic user ASPs will not be searched.
| Top |
New primary group (NEWPGP)
Specifies the user who is to be the new primary group for the object. The user profile must already exist when this command is run, and must have a group identifier (or gid) assigned to it.
This is a required parameter.
- *NONE
- The object does not have a primary group.
- name
- Specify the name of the user profile who is to be the new primary group for the object.
| Top |
New primary group authority (PGPAUT)
Specifies what authority the new primary group has to the object.
- *OLDPGP
- The new primary group has whatever authority the old primary group had to the object.
- *PRIVATE
- The new primary group has whatever private authority it had to the object. If the new primary group does not have a private authority to the object, it becomes the primary group but does not have any authority to the object.
- *ALL
- The user can perform all operations except those limited to the owner or controlled by authorization list management authority. The user can control the object's existence, specify the security for the object, change the object, and perform basic functions on the object. The user can also change ownership of the object.
- *CHANGE
- The new primary group is given change authority to the object.
- *USE
- The user can perform basic operations on the object, such as running a program or reading a file. The user cannot change the object. *USE authority provides object operational authority, read authority, and execute authority.
- *EXCLUDE
- The user cannot access the object.
| Top |
Revoke old authority (RVKOLDAUT)
Specifies whether the authorities for the current primary group are revoked when the primary group is changed to the user specified for the New primary group (NEWPGP) parameter.
- *YES
- The authorities for the current primary group are revoked when the primary group is changed to the other user.
- *NO
- The authorities for the current primary group become a private authority when the primary group is changed to the other user.
| Top |
Examples
CHGOBJPGP OBJ(USERLIB/PROGRAM1) OBJTYPE(*PGM) NEWPGP(ANN)
PGPAUT(*CHANGE)
This command changes the primary group for the program named PROGRAM1, located in the user library USERLIB, to the group named ANN. The new primary group has *CHANGE authority to the object. The authority is revoked from the current primary group.
| Top |
Error messages
*ESCAPE Messages
- CPF22BE
- Function not done for user profile &1.
- CPF22DA
- Operation on file &1 in &2 not allowed.
- CPF220B
- New primary group &1 does not have a gid.
- CPF220C
- Owner and primary group cannot be the same.
- CPF220D
- Primary group may not be changed for object &1 in &3 type &2.
- CPF2204
- User profile &1 not found.
- CPF2207
- Not authorized to use object &1 in library &3 type *&2.
- CPF2208
- Object &1 in library &3 type *&2 not found.
- CPF2209
- Library &1 not found.
- CPF221D
- Primary group may not have been changed for object &1 in &3 type *&2.
- CPF2210
- Operation not allowed for object type *&1.
- CPF2211
- Not able to allocate object &1 in &3 type *&2.
- CPF2213
- Not able to allocate user profile &1.
- CPF2216
- Not authorized to use library &1.
- CPF2217
- Not authorized to user profile &1.
- CPF2222
- Storage limit is greater than specified for user profile &1.
- CPF2226
- Function not done for user profile &1.
- CPF2230
- Not authorized to object &1 in library &3.
- CPF2232
- Not authorized to user profile &1.
- CPF2233
- No delete authority to user profile &1.
| Top |