OBJECT_PRIVILEGES view
The OBJECT_PRIVILEGES view returns a row for every user authorized to an object, along with their associated object and data authorities.
The information returned is similar to the information available through the Display Object Authority (DSPOBJAUT) CL command.
Authorization: All authorized users are returned for an object when at least one of the
following is true:
- The caller has *OBJMGT authority.
- The caller is the owner of the object.
- The object is an authorization list.
- The caller is authorized to the Database Security Administrator function of IBM i. The Change Function Usage (CHGFCNUSG) command, with a function ID of QIBM_DB_SECADM, can be used to change the list of users allowed to use the function.
The following table describes the columns in the view. The system name is OBJ_PRIV. The schema is QSYS2.
Column name | System column name | Data type | Description |
---|---|---|---|
OBJECT_SCHEMA | OSCHEMA | VARCHAR(128) | The SQL schema name for this object. |
OBJECT_NAME | NAME | VARCHAR(128) Nullable
|
The SQL name of the object. For an external procedure or an external function, the name will be returned when a single procedure or function exists for that *PGM or *SRVPGM object. Contains the null value if an SQL name could not be returned. |
SYSTEM_OBJECT_SCHEMA | SYS_DNAME | VARCHAR(10) | The library that contains the object. |
SYSTEM_OBJECT_NAME | SYS_ONAME | VARCHAR(10) | The system object name. |
OBJECT_TYPE | OBJTYPE | VARCHAR(8) | The system object type. |
SQL_OBJECT_TYPE | SQLTYPE | VARCHAR(9) Nullable
|
The SQL object type. The following values can
be returned.
Returns the null value if the object is not an SQL object. |
AUTHORIZATION_NAME | USER_NAME | VARCHAR(10) | User profile name. Can contain the following
special value.
|
OBJECT_AUTHORITY | OBJ_AUTH | VARCHAR(12) | The authority that the user has to the object.
Contains one of the following special values:
|
OWNER | OWNER | VARCHAR(10) | The user profile that owns the object. |
OBJECT_OPERATIONAL | OBJOPER | VARCHAR(3) | Indicates the object operational authority for
AUTHORIZATION_NAME.
|
OBJECT_MANAGEMENT | OBJMGT | VARCHAR(3) | The object management authority for AUTHORIZATION_NAME.
|
OBJECT_EXISTENCE | OBJEXIST | VARCHAR(3) | The object existence authority for AUTHORIZATION_NAME.
|
OBJECT_ALTER | OBJALTER | VARCHAR(3) | The object alter authority for AUTHORIZATION_NAME.
|
OBJECT_REFERENCE | OBJREF | VARCHAR(3) | The object reference authority for AUTHORIZATION_NAME.
|
DATA_READ | DATA_READ | VARCHAR(3) | The data read authority for AUTHORIZATION_NAME.
|
DATA_ADD | DATA_ADD | VARCHAR(3) | The data add authority for AUTHORIZATION_NAME.
|
DATA_UPDATE | DATA_UPD | VARCHAR(3) | The data update authority for AUTHORIZATION_NAME.
|
DATA_DELETE | DATA_DEL | VARCHAR(3) | The data delete authority for AUTHORIZATION_NAME.
|
DATA_EXECUTE | DATA_EXEC | VARCHAR(3) | The data execute authority for AUTHORIZATION_NAME.
|
TEXT_DESCRIPTION | TEXT | VARCHAR(50) Nullable
|
The descriptive text for this object. Contains null if the object has no text description. |
Example
Find user profiles that are publicly accessible.
SELECT *
FROM QSYS2.OBJECT_PRIVILEGES
WHERE SYSTEM_OBJECT_SCHEMA = 'QSYS' AND
OBJECT_TYPE = '*USRPRF' AND
AUTHORIZATION_NAME = '*PUBLIC' AND
OBJECT_AUTHORITY <> '*EXCLUDE';