MIDRANGE dot COM Mailing List Archive



Home » MIDRANGE-L » January 2014

Re: How to report on private authorities for a usrprf?



fixed

On 13-Jan-2014 06:16 -0800, fbocch2595@xxxxxxx wrote:

I want to know where a certain USRPRF has been granted a private
authority to any objects on my system and the best way to report on
that? Any ideas? I'm thinking I should PRTPVTAUT and read that
SPLF but if anyone knows of a better way to do it <<SNIP>>


The model output file QADSPUPA record format QSYDSUPA is provided for the Display User Profile (DSPUSRPRF) command with the option to provide Private Authorities held by a user for /QSYS.LIB object [and probably /QDLS objects with *SYSOBJNAM provided] to which the user has some explicitly granted authority; i.e. when invoked using the request to include Object Authority information on the Type of Information (TYPE) parameter, per TYPE(*OBJAUT) specification. I am not aware of an equivalent API, such that objects outside /QSYS.LIB hopefully also would be included. For example:
DSPUSRPRF TYPE(*OBJAUT) OUTPUT(*OUTFILE) OUTFILE(QTEMP/UPOA)

Another approach would be to output all privately authorized users for every object. The Display Object Authorities (DSPOBJAUT) command alto has Output File support, with model output file QAOBJAUT and record format QSYDSAUT; again, limited to those same file systems. However using this approach, to include more than those objects tracked to the /QSYS.LIB, there is also available:
<http://pic.dhe.ibm.com/infocenter/iseries/v7r1m0/topic/apis/qsyrtvua.htm>
_Retrieve Users Authorized to an Object (QSYRTVUA) API_
"...
The Retrieve Users Authorized to an Object (QSYRTVUA) API provides information about the users who are authorized to an object. The API returns the following information:

• A list of users who have a private authority to the object and the authority that the users have
• The public authority for the object
• Other authority information for the object, such as the name of the owner, the primary group, and the authorization list securing the object
• For objects in the QDLS file system, the sensitivity level of the object

This API provides information that is similar to the Display Authority (DSPAUT) command.
..."






Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2014 by MIDRANGE dot COM and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available here. If you have questions about this, please contact