Display Object Authority (DSPOBJAUT)
| Where allowed to run: All environments (*ALL) Threadsafe: No |
Parameters Examples Error messages |
The Display Object Authority (DSPOBJAUT) command displays the list of authorized users of an object and their assigned authority. If the object is secured by an authorization list, the name of the authorization list is also displayed. The public authority and primary group authority are also shown.
If the user entering the command does not have object management (*OBJMGT) authority to the object, only that user's name and authorities are shown. The names of the other users and their authorities for the object are not shown. If an object does not have an owner name associated with it, no authorities for the object are shown.
The following are shown for the specified object:
- The object name
- The name of the library containing the object
- The name of the object owner
- The object type
- A list of all the users who are authorized to use the object
- The authority that each user has for the object
- The authorization list name (if the object is secured by an authorization list)
Restrictions: You must have use (*USE) authority to the auxiliary storage pool device if one is specified.
| Top |
Parameters
| Keyword | Description | Choices | Notes |
|---|---|---|---|
| OBJ | Object | Qualified object name | Required, Positional 1 |
| Qualifier 1: Object | Name | ||
| Qualifier 2: Library | Name, *LIBL, *CURLIB | ||
| OBJTYPE | Object type | *ALRTBL, *AUTL, *BNDDIR, *CFGL, *CHTFMT, *CLD, *CLS, *CMD, *CNNL, *COSD, *CRG, *CRQD, *CSI, *CSPMAP, *CSPTBL, *CTLD, *DEVD, *DOC, *DTAARA, *DTADCT, *DTAQ, *EDTD, *EXITRG, *FCT, *FILE, *FLR, *FNTRSC, *FNTTBL, *FORMDF, *FTR, *GSS, *IGCDCT, *IGCSRT, *IGCTBL, *IMGCLG, *IPXD, *JOBD, *JOBQ, *JOBSCD, *JRN, *JRNRCV, *LIB, *LIND, *LOCALE, *M36, *M36CFG, *MEDDFN, *MENU, *MGTCOL, *MODD, *MODULE, *MSGF, *MSGQ, *NODGRP, *NODL, *NTBD, *NWID, *NWSCFG, *NWSD, *OUTQ, *OVL, *PAGDFN, *PAGSEG, *PDFMAP, *PDG, *PGM, *PNLGRP, *PRDAVL, *PRDDFN, *PRDLOD, *PSFCFG, *QMFORM, *QMQRY, *QRYDFN, *RCT, *S36, *SBSD, *SCHIDX, *SPADCT, *SQLPKG, *SQLUDT, *SQLXSR, *SRVPGM, *SSND, *SVRSTG, *TBL, *TIMZON, *USRIDX, *USRPRF, *USRQ, *USRSPC, *VLDL, *WSCST | Required, Positional 2 |
| ASPDEV | ASP device | Name, *, *SYSBAS | Optional |
| OUTPUT | Output | *, *PRINT, *OUTFILE | Optional, Positional 3 |
| OUTFILE | File to receive output | Single values: *NONE Other values: Qualified object name |
Optional |
| Qualifier 1: File to receive output | Name | ||
| Qualifier 2: Library | Name, *LIBL, *CURLIB | ||
| OUTMBR | Output member options | Element list | Optional |
| Element 1: Member to receive output | Name, *FIRST | ||
| Element 2: Replace or add records | *REPLACE, *ADD | ||
| AUTTYPE | Authority type | *OBJECT, *FIELD, *ALL | Optional |
| Top |
Object (OBJ)
Specifies the object for which the authorized users and their authority are to be displayed.
This is a required parameter.
- name
- Specify the name of the object.
Qualifier 2: Library
- *LIBL
- All libraries in the library list for the current thread are searched until the first match is found.
- *CURLIB
- The current library for the thread is searched. If no library is specified as the current library for the thread, the QGPL library is used.
- name
- Specify the name of the library to be searched.
| Top |
Object type (OBJTYPE)
Specifies the object type of the object whose authority is to be displayed, such as program (*PGM), file (*FILE), or library (*LIB). To see a complete list of object types when prompting this command, position the cursor on the field for this parameter and press F4 (Prompt).
This is a required parameter.
| Top |
ASP device (ASPDEV)
Specifies the auxiliary storage pool (ASP) device name where the library that contains the object (OBJ parameter) is located. If the object's library resides in an ASP that is not part of the library name space associated with the job, this parameter must be specified to ensure the correct object is used as the target of this command's operation.
- *
- The ASPs that are currently part of the job's library name space will be searched to locate the object. This includes the system ASP (ASP number 1), all defined basic user ASPs (ASP numbers 2-32), and, if the job has an ASP group, all independent ASPs in the ASP group.
- *SYSBAS
- The system ASP and all basic user ASPs will be searched to locate the object. No independent ASPs will be searched, even if the job has an ASP group.
- name
- Specify the device name of the independent ASP to be searched to locate the object. The independent ASP must have been activated (by varying on the ASP device) and have a status of AVAILABLE. The system ASP and basic user ASPs will not be searched.
| Top |
Output (OUTPUT)
Specifies where the output from the command is sent.
- *
- The output is displayed (if requested by an interactive job) or printed with the job's spooled output (if requested by a batch job).
- The output is printed with the job's spooled output.
- *OUTFILE
- The output is directed to the database file specified for the File to receive output (OUTFILE) parameter.
| Top |
File to receive output (OUTFILE)
Specifies the database file to which the output of the command is directed. If the file does not exist, this command creates a database file in the specified library. If the file is created, the public authority for the file is the same as the create authority specified for the library in which the file is created. Use the Display Library Description (DSPLIBD) command to show the library's create authority.
Qualifier 1: File to receive output
- name
- Specify the name of the database file to which the command output is directed.
Qualifier 2: Library
- *LIBL
- The library list is used to locate the file. If the file is not found, one is created in the current library. If no current library exists, the file will be created in the QGPL library.
- *CURLIB
- The current library for the thread is used to locate the file. If no library is specified as the current library for the thread, the QGPL library is used.
- name
- Specify the name of the library to be searched.
Note: If a new file is created, the system uses QAOBJAUT in QSYS with a format name of QSYDSAUT as a model.
If AUTTYPE(*FIELD) is specified for a *FILE object and a new outfile is created, the system uses QAFLDAUT in QSYS with a format name of QSYDSFLD as a model.
| Top |
Output member options (OUTMBR)
Specifies the name of the database file member that receives the output of the command.
Element 1: Member to receive output
- *FIRST
- The first member in the file receives the output. If OUTMBR(*FIRST) is specified and the member does not exist, the system creates a member with the name of the file specified for the File to receive output (OUTFILE) parameter. If the member already exists, you have the option to add new records to the end of the existing member or clear the member and then add the new records.
- name
- Specify the name of the file member that receives the output. If it does not exist, the system creates it.
Element 2: Replace or add records
- *REPLACE
- The system clears the existing member and adds the new records.
- *ADD
- The system adds the new records to the end of the existing records.
| Top |
Authority type (AUTTYPE)
Specifies whether object level authority, field level authority, or both object level and field level authority are displayed. Field level authority information only applies to *FILE objects.
- *OBJECT
- The object level authority information is displayed, placed in a spooled file, or placed in an outfile.
If OUTPUT(*) is requested and the object is a file with field level authorities, the F16 key, Display Field Authorities, will be enabled on the display.
- *FIELD
- The field level authority information is displayed, placed in a spooled file, or placed in an outfile.
This value is only valid if *FILE is specified for the Object type (OBJTYPE) parameter.
- *ALL
- If OUTPUT(*) is requested, the object level authority information is displayed. If there are field level authorities associated with the file, the F16 key, Display Field Authorities, will be enabled on the display. If OUTPUT(*PRINT) is requested, the object level and field level authority data are included in the spooled file. AUTTYPE(*ALL) is not valid with OUTPUT(*OUTFILE).
This value is only valid if *FILE is specified for the Object type (OBJTYPE) parameter.
| Top |
Examples
Example 1: Displaying Users and Authorities
DSPOBJAUT OBJ(ARLIB/PROG1) OBJTYPE(*PGM)
This command shows the authorized users and their authorities for the object named PROG1 to the user who entered the command, if that user has object management authority for the object. If the user does not have object management authority, only personal authorities are shown. PROG1 is a program (*PGM) located in the library named ARLIB. The system assumes * for the device that shows the output list. If the command was entered in the batch subsystem, the output is placed in the default output queue for the job. If the command was entered in the interactive subsystem, the output is shown on the device where the user entered the command.
Example 2: Printing List of Users
DSPOBJAUT OBJ(ARLIB/PROG2) OBJTYPE(*PGM) OUTPUT(*PRINT)
This command causes the list of authorized users of the program named PROG2 in the ARLIB library to be printed. If the user who enters the command does not have object management authority for the program, only that user's name and authorities are printed.
| Top |
Error messages
*ESCAPE Messages
- CPF2204
- User profile &1 not found.
- CPF2207
- Not authorized to use object &1 in library &3 type *&2.
- CPF2208
- Object &1 in library &3 type *&2 not found.
- CPF2209
- Library &1 not found.
- CPF2211
- Not able to allocate object &1 in &3 type *&2.
- CPF2216
- Not authorized to use library &1.
- CPF224E
- The AUTTYPE value of *FIELD is not valid for file &1 in library &2.
- CPF2283
- Authorization list &1 does not exist.
- CPF9843
- Object &1 in library &3 type &2 cannot be accessed.
- CPF9860
- Error occurred during output file processing.
| Top |