On 19-Nov-2015 13:07 -0600, Roger Harman wrote:
I just tried it on our production system and got very few records
returned. Likely there is some authorization checking?
Would make sense since it's analogous to DSPUSRPRF.
Somewhat different than DSPUSRPRF, yet more like WRKUSRPRF, and even
more like WRKOBJ; I'd imply instead, much more analogous to DSPOBJD, but
only for the object name and Text (fields ODOBNM and ODOBTX).
The VIEW named AUTHORIZATIONS in QSYS2 [file name AUTHIDS] is a
derivation of the column data [columns OBJNAME and OBJTEXT] of the User
Defined Table Function (UDTF) named OBJECT_STATISTICS in library QSYS2
along with [at least in v7r1] two identical literal values 'USER',
having been invoked with the arguments 'QSYS' and 'USRPRF' for which the
request is to obtain the Object Information Record (OIR) and other
object details [e.g. size] about the objects in QSYS [aka objects in the
That UDF is what would be performing an authority check, possibly a
test of AUT(*ANY). Whereas the RTVUSRPRF and DSPUSRPRF might required
specifically, a minimum of AUT(*USE), or perhaps even more such as
AUT(*USE +*OBJMGT) for the minimum; I did not check the Security Guide.
I believe your results, described as being limited, likely due to
authority, probably reflects a proper outcome.
In my testing however, oddly [and I suppose quite possibly a
security\integrity defect for which a PTF has not been applied] for the
system on which I tried the UDTF, my user profile appears to be able to
see a vastly larger number of user profile names than I am able to via
either of the other interfaces WRKOBJ or WRKUSRPRF; nothing
conspicuously obvious being wrong with what was displayed using
DSPSRVPGM QSYS/QDBSSUDF2, the service program that implements the
feature, and only SPCAUT(*SAVSYS *JOBCTL) from my group. Perhaps
instead of a defect, just something I have overlooked.?
Anyhow from WRKUSRPRF I see three users that I surely have the
ability to see [myself, my group, and a user that my group profile had
created (but likely should not have)]. And in WRKOBJ I see an expected
list of users for which I have *ANY [i.e. one or more] authority bits
available to me via *PUBLIC which is the additional three user profiles:
QTMPLPD, QDBSHR, and QDBSHRDO. Given the OBJECT_STATISTICS is
effectively mimicking output for DSPOBJD or WRKOBJ, I would expect to
see only those same six users.
While I see also, that on the system I am using, someone had
/effectively corrupted/ the installation of the OS by having granted
*PUBLIC with many unexpected authorizations for some other
objects\object-types, I can not verify the same issue exists for any
*USRPRF objects. I am still unsure why I see more than six users,
except possibly by some defect.