The user profile associated with target IBM® i jobs must be authorized
to the equivalent CL commands before the DDM command can be processed.
The target job's user profile must be authorized to use the CL commands
listed here before DDM requests can be processed.
Table 1. User profile authority CL commands
| DDM command received |
DDM command description |
Object type |
Authorized CL command |
| CHGDRC |
Change Current Directory |
FLR |
NONE |
| CHGFAT |
Change File Attributes |
PFILE LF DOC/FLR |
CHGPF CHGLF NONE |
| CLOSE |
Close File |
FILE DOC |
NONE 1 NONE |
| CLRFIL |
Clear File |
FILE DOC |
NONE NONE |
| CLSDRC |
Close Directory |
FLR |
NONE |
| CPYFIL |
Copy File |
DOC |
NONE |
| CRTAIF |
Create Alternate Index File |
LF |
CRTLF |
| CRTDIRF |
Create Direct File |
PF |
CRTPF |
| CRTKEYF |
Create Key File |
PF |
CRTPF |
| CRTSEQF |
Create Sequential File |
PF |
CRTPF |
| CRTSTRF |
Create Stream File |
DOC |
NONE |
| CRTDRC |
Create Directory |
LIB FLR |
CRTLIB CRTFLR |
| DELFIL |
Delete File |
FILE DOC |
DLTF NONE |
| DELDRC |
Delete Directory |
LIB FLR |
DLTLIB NONE |
| GETDRCEN |
Get Directory Entry |
DOC/FLR |
NONE |
| LCKFIL |
Lock File |
FILE |
ALCOBJ |
| LODRECF |
Load (Put) Records to File |
FILE |
NONE 2 |
| LSTFAT |
List File Attributes |
FILE DOC/FLR |
NONE 3 NONE |
| OPEN |
Open File |
FILE DOC |
NONE 1 NONE |
| OPENDRC |
Open Directory |
FLR |
NONE |
| QRYSPC |
Query Space Available to User |
USRPRF |
NONE 4 |
| RNMDRC |
Rename Directory |
FLR LIB |
NONE RNMOBJ |
| RNMFIL |
Rename File |
FILE DOC MBR |
RNMOBJ NONE RNMM |
| UNLFIL |
Unlock File |
FILE |
NONE 5 |
| ULDRECF |
Unload Records From File |
FILE |
NONE 2 |
| |
|
|
|
- 1
- Authorization to a command is not verified because
there are means other than using a command interface by which IBM i users can open and
close files.
- 2
- Command authorization is not verified because there is not a direct,
one-to-one mapping between a CL command and the DDM LODRECF/ULDRECF command.
- 3
- Authorization to the DSPFD and DSPFFD commands
is not verified because it cannot be determined which command should
be verified. In addition, the conditions under which the DDM command
was issued by the client system are not known.
- 4
- The space available to a user can be obtained by issuing the DSPUSRPRF command,
but this is only a small piece of the data available through the use
of this command.
- 5
- Authorization to the CL DLCOBJ command is not
checked because if the remote user was able to allocate files, DDM
must be able to deallocate them.
|
|
The following table is an explanation of the object type
codes used in the preceding table.
Table 2. Object type codes definition
| Object type |
Object type definition |
| DOC |
Document |
| FLR |
Folder |
| PF |
Physical file |
| LF |
Logical file |
| LIB |
Library |
| MBR |
Member |
| SRCF |
Source physical file |
| USRPRF |
User profile |