On 13-Jan-2014 06:16 -0800, fbocch2595@xxxxxxx wrote:

I want to know where a certain USRPRF has been granted a private
authority to any objects on my system and the best way to report on
that? Any ideas? I'm thinking I should PRTPVTAUT and read that
SPLF but if anyone knows of a better way to do it <<SNIP>>

The model output file QADSPUPA record format QSYDSUPA is provided for the Display User Profile (DSPUSRPRF) command with the option to provide Private Authorities held by a user for /QSYS.LIB object [and probably /QDLS objects with *SYSOBJNAM provided] to which the user has some explicitly granted authority; i.e. when invoked using the request to include Object Authority information on the Type of Information (TYPE) parameter, per TYPE(*OBJAUT) specification. I am not aware of an equivalent API, such that objects outside /QSYS.LIB hopefully also would be included. For example:

Another approach would be to output all privately authorized users for every object. The Display Object Authorities (DSPOBJAUT) command alto has Output File support, with model output file QAOBJAUT and record format QSYDSAUT; again, limited to those same file systems. However using this approach, to include more than those objects tracked to the /QSYS.LIB, there is also available:
_Retrieve Users Authorized to an Object (QSYRTVUA) API_
The Retrieve Users Authorized to an Object (QSYRTVUA) API provides information about the users who are authorized to an object. The API returns the following information:

• A list of users who have a private authority to the object and the authority that the users have
• The public authority for the object
• Other authority information for the object, such as the name of the owner, the primary group, and the authorization list securing the object
• For objects in the QDLS file system, the sensitivity level of the object

This API provides information that is similar to the Display Authority (DSPAUT) command.

This thread ...

Return to Archive home page | Return to MIDRANGE.COM home page