Change DLO Authority (CHGDLOAUT)
The Change Document Library Object Authority (CHGDLOAUT) command allows you to change an existing user's authority to a document or folder. With this command, you can:
- Change an existing user's specific authority
- Change authority for users with no specific authority (*PUBLIC)
- Change the authorization list that specifies the object's security
- Change the existing security level, or change the security to that of a reference object.
Restrictions:
You must have all (*ALL) authority to the object, all object (*ALLOBJ) special authority, or be the owner of the object.
| Keyword |
Description |
Choices |
Notes |
| DLO |
Document library object |
Character value, *ALL, *SYSOBJNAM, *ROOT |
Required, Positional 1 |
| FLR |
Folder |
Character value, *NONE |
Optional |
| USRAUT |
User authority |
Single values: *SAME
Other values (up to 50 repetitions): Element list |
Optional |
| Element 1: User profile |
Name, *PUBLIC |
| Element 2: Authority level |
*USE, *CHANGE, *EXCLUDE, *ALL, *AUTL |
| AUTL |
Authorization list |
Name, *SAME, *NONE |
Optional |
| SENSITIV |
Sensitivity |
*SAME, *NONE, *PERSONAL, *PRIVATE, *CONFIDENTIAL |
Optional |
| REFDLO |
Reference DLO |
Character value, *NONE, *REFSYSOBJ |
Optional |
| REFFLR |
Reference folder |
Character value, *NONE |
Optional |
| SYSOBJNAM |
System object name |
Name |
Optional |
| REFSYSOBJ |
Reference system object |
Name |
Optional |
| PERSONAL |
Personal |
*SAME, *NO, *YES |
Optional |
Document library object (DLO)
Specifies the name of the document or folder for which user authority is changed.
This is a required parameter.
- *ALL
- User authority is changed for all objects in the specified folder. If *ALL is specified, a value must be specified on the Folder (FLR) parameter.
- *SYSOBJNAM
- The system object name specified on the System object name (SYSOBJNAM) parameter has user authority changed.
- *ROOT
- The public authority value of the *ROOT folder is changed.
- name
- Specify the user-assigned name of the document or folder object. A maximum of 12 characters can be specified.
Folder (FLR)
Specifies the folder where the object specified for the Document library object (DLO) parameter is located.
- *NONE
- A folder name is not specified.
- name
- Specify the user-assigned name of the folder. The folder name can consist of a series of folder names if the object is located in a folder that is contained in another folder. A maximum of 63 characters can be specified.
User authority (USRAUT)
Specifies the name of an existing user and the new user authority level.
When USRAUT((*PUBLIC *CHANGE)) is specified, all users can create first-level folders in the *ROOT folder. When USRAUT((*PUBLIC *USE)) is specified, only users with all object (*ALLOBJ) or security administrator (*SECADM) special authority can create first-level folders. Folder creation is the only function controlled by these values. Public authority is the only security value that can be specified for the *ROOT folder. Only change (*CHANGE) and use (*USE) public authorities can be specified for the *ROOT folder.
Single values
- *SAME
- Existing user authority does not change.
Element 1: User profile
- *PUBLIC
- Users with no specific authority and who are not on the authorization list have their authority changed.
- name
- Specify the name of the user profile whose specific authority is changed.
Element 2: Authority level
- *ALL
- The user can perform all operations except those limited to the owner or controlled by authorization list management (*AUTLMGT) authority. The user can control the object's existence, specify the security for the object, change the object, and perform basic functions on the object. The user also can change ownership of the object.
- *CHANGE
- The user can perform all operations on the object except those limited to the owner or controlled by object existence (*OBJEXIST) and object management (*OBJMGT) authorities. The user can change and perform basic functions on the object. *CHANGE authority provides object operational (*OBJOPR) authority and all data authority. If the object is an authorization list, the user cannot add, change, or remove users.
- *USE
- The user can perform basic operations on the object, such as running a program or reading a file. The user cannot change the object. Use (*USE) authority provides object operational (*OBJOPR), read (*READ), and execute (*EXECUTE) authorities.
- *EXCLUDE
- The user cannot access the object.
- *AUTL
- The authority of the authorization list specified on the Authorization list (AUTL) parameter is used for the document. The *AUTL value is valid only if *PUBLIC is also specified.
Authorization list (AUTL)
Specifies whether the existing authorization list is replaced by a different authorization list or removed from the document library object.
- *SAME
- The authorization list does not change.
- *NONE
- The document library object will no longer be secured by an authorization list. If the public authority to the document library object is *AUTL, it is changed to *EXCLUDE.
- name
- Specify the name of the new authorization list whose authority determines the object's security.
Sensitivity (SENSITIV)
Specifies one of four levels of sensitivity as defined by the X.400 standard. The four levels include no sensitivity, personal, private and company confidential. Any document marked as private is still available to users who are normally authorized to it, but is unavailable to users who are working on your behalf (even though it may be available to them when they are not working on your behalf).
- *SAME
- The value does not change.
- *NONE
- The document has no sensitivity restrictions.
- *PERSONAL
- The document is intended for the user as an individual.
- *PRIVATE
- The document contains information that should be accessed only by the owner. This value cannot be specified if the access code zero (0) is assigned to the object.
- *CONFIDENTIAL
- The document contains information that should be handled according to company procedures.
Reference DLO (REFDLO)
Specifies that the user authorities to the existing document or folder are replaced by user authorities to the referred to document library object including specific authorities, authority given to users with no specific authorities, authorization list authority, access codes, and personal status.
- *NONE
- A referred to object name is not specified.
- *REFSYSOBJ
- A referred to object is specified on the Reference system object (REFSYSOBJ) parameter. This is the system object name of a document or folder.
- name
- Specify the name of the document or folder that is referred to.
Reference folder (REFFLR)
Specifies the folder in which the referred to object specified on the Reference DLO (REFDLO) parameter is located.
- *NONE
- A folder name is not specified.
- name
- Specify the user-specified name of the referred to folder. The folder name can consist of a series of folder names if the object is located in a folder that is contained in another folder.
System object name (SYSOBJNAM)
Specifies the system object name of the document or folder. This parameter is valid only when *SYSOBJNAM is specified on the Document library object (DLO) parameter.
- name
- Specify the system object name of the document or folder using 10 characters.
Reference system object (REFSYSOBJ)
Specifies the system object name of the referred to document library object.
- name
- Specify the system object name of the referred to document library object using the entire 10 characters.
Personal (PERSONAL)
Specifies whether the document being changed is a personal document. If it is, only the owner or an authorized user can access it. Any document marked as private is still available to users who are normally authorized to it, but is unavailable to users who are working on your behalf (even though it may be available to them when they are not working on your behalf). This parameter is replaced by SENSITIV but the PERSONAL parameter can still be used. However, because this parameter may be removed in a later release, whenever possible use the SENSITIV parameter.
- *SAME
- The value does not change.
- *NO
- Access is allowed when a user is working on behalf of another. This value will map to SENSITIV(*NONE).
- *YES
- Access is not allowed when a user is working on behalf of another. PERSONAL(*YES) requires that USER(*PUBLIC) be *EXCLUDE. This value cannot be specified if the access code zero (0) is assigned to the object. This value will map to SENSITIV(*PRIVATE).
CHGDLOAUT DLO(MYDOC) FLR(MYFLR) USRAUT((*PUBLIC *AUTL))
AUTL(MYAUTL)
This command changes the authority of user *PUBLIC for document MYDOC in folder MYFLR. The authority specified on the authorization list for public (users with no specific authority for MYDOC, who are not on the authorization list MYAUTL, and whose user's group has no specific authority to MYDOC) is used to determine the public authority.
*ESCAPE Messages
- CPF8A75
- Not authorized to access folder &1.
- CPF8A77
- Folder &1 not found.
- CPF8A78
- Folder &1 in use.
- CPF8A79
- Folder &1 is logically damaged.
- CPF8A80
- Document &2 in use in folder &1.
- CPF8A82
- Document &2 not found in folder &1.
- CPF8A83
- Not authorized to access document &2 in folder &1.
- CPF8A88
- Operation not allowed on document &2 in folder &1.
- CPF8A89
- Document &2 in folder &1 is logically damaged.
- CPF90BA
- Authority request for document library object failed.
- CPF90B8
- No authority to specify a reference object for document library object &1.
- CPF901F
- *AUTL was specified for a user other than *PUBLIC.
- CPF9073
- No authority to view or change the security of document library object &1.
- CPF908A
- Requester &1 not enrolled.
- CPF908B
- Document library object not found.
- CPF908E
- &1 objects changed; &2 objects not changed.
- CPF909A
- Document &2 in folder &1 is damaged.
- CPF9095
- Folder &1 is damaged.