Print Private Authorities (PRTPVTAUT)

Where allowed to run: All environments (*ALL)
Threadsafe: No
Parameters
Examples
Error messages

The Print Private Authority (PRTPVTAUT) command allows you to print a report of all the private authorities for objects of a specified type in a specified library, folder or directory. The report will list all objects of the specified type and the users that are authorized to the object. This is a way to check for different sources of authority to objects.

This command will print three reports for the selected objects. The first report (Full Report) will contain all of the private authorities for each of the selected objects.

The second report (Changed Report) will contain additions/changes to the private authorities to the selected objects if the PRTPVTAUT command was previously run for the specified objects in the specified library or folder. Any new objects of the selected type, new authorities to existing objects, or changes to existing authorities to the existing objects will be listed in the 'Changed Report'. If the PRTPVTAUT command was not previously run for the specified objects in the specified library or folder, there will be no 'Changed Report'. If the command has been previously run but no changes have been made to the authorities on the objects, then the 'Changed Report' will be printed but there will be no objects listed.

The third report (Deleted Report) will contain any deletions of privately authorized users from the specified objects since the PRTPVTAUT command was previously run. Any objects that were deleted or any users that were removed as privately authorized users will be listed in the 'Deleted Report'. If the PRTPVTAUT command was not previously run, there will be no 'Deleted Report'. If the command has been previously run but no delete operations have been done to the objects, then the 'Deleted Report' will be printed but there will be no objects listed.

The reports will contain the following information:

The file QPVXXXXXXX (where 'XXXXXXX' is the object type specified on the command) in library QUSRSYS contains information from the last time the PRTPVTAUT command was run. If object type is not *BLKSF, *DIR, *DOC, *FLR, *SOCKET, *STMF, or *SYMLNK there is a member within the file, with the same name as the library, for each library that has been previously specified on the command. For object types that don't require a library to be specified (e.g. *USRPRF), the library name is QSYS. System file QAOBJAUT in library QSYS with format name of QSYDSAUT is the model file for the file.

If the object type is *FLR, the first member will contain the information from the previous time *FLR was specified on the command. System file QASECDLO in library QSYS with format name of QSECDLO is the model file for the file.

If the object type is *DOC, there is a member within the file for each folder that has been previously specified on the command. The member name will be the same as the system name of the folder. System file QASECDLO in library QSYS with format name of QSECDLO is the model file for the file.

If the object type is *FILE and the AUTTYPE parameter value is *FIELD or *ALL, the Display Object Authority (DSPOBJAUT) command will be run for each file that has field level authorities associated with it. For each of these files, a spooled file by the name of QPOBJAUT will be created that contains all of the field level authority data for the file. There is no changed report support available for the field level authority data on a file.

If the object type is *BLKSF, *DIR, *SOCKET, *STMF, or *SYMLNK, there is a member within the file for each directory that has previously been specified in the Directory (DIR) parameter. The member names are based on the order the directories are processed. The member naming convention is x000000001, x000000002, and so on. The first character in the member name will either be N or Y. This character indicates if the subdirectories were searched when the data was gathered. N indicates the subdirectories were not searched, Y indicates they were searched. Once a member name has been assigned to a directory, the numeric portion with the appropriate prefix is used for all of the object types listed above. The system file QASECDIR in library QSYS with format name of QSECDIR is the model file for the file.

Note: The file QASECGFIPV in library QUSRSYS contains the file ID values of every directory that has been processed and the Nxxxxxxxxx member name that has been assigned to it. The system file QASECGFI in library QSYS with format name of QSECGFI is the model file for QASECGFIPV.

Restriction: You must have all object (*ALLOBJ) or audit (*AUDIT) special authority to run this command.

Top

Parameters

Keyword Description Choices Notes
OBJTYPE Object type *ALRTBL, *AUTL, *BLKSF, *BNDDIR, *CFGL, *CHRSF, *CHTFMT, *CLD, *CLS, *CMD, *CNNL, *COSD, *CRG, *CRQD, *CSI, *CSPMAP, *CSPTBL, *CTLD, *DEVD, *DIR, *DOC, *DTAARA, *DTADCT, *DTAQ, *EDTD, *EXITRG, *FCT, *FIFO, *FILE, *FLR, *FNTRSC, *FNTTBL, *FORMDF, *FTR, *GSS, *IGCDCT, *IGCSRT, *IGCTBL, *IMGCLG, *IPXD, *JOBD, *JOBQ, *JOBSCD, *JRN, *JRNRCV, *LIB, *LIND, *LOCALE, *M36, *M36CFG, *MEDDFN, *MENU, *MGTCOL, *MODD, *MODULE, *MSGF, *MSGQ, *NODGRP, *NODL, *NTBD, *NWID, *NWSCFG, *NWSD, *OUTQ, *OVL, *PAGDFN, *PAGSEG, *PDFMAP, *PDG, *PGM, *PNLGRP, *PRDAVL, *PRDDFN, *PRDLOD, *PSFCFG, *QMFORM, *QMQRY, *QRYDFN, *RCT, *SBSD, *SCHIDX, *SOCKET, *SPADCT, *SQLPKG, *SQLUDT, *SRVPGM, *SSND, *STMF, *SVRSTG, *SYMLNK, *S36, *TBL, *TIMZON, *USRIDX, *USRPRF, *USRQ, *USRSPC, *VLDL, *WSCST Required, Positional 1
CHGRPTONLY Changed report only *NO, *YES Optional, Positional 2
LIB Library Name Optional
AUTTYPE Authority type *OBJECT, *FIELD, *ALL Optional
FLR Folder Character value Optional
AUTLOBJ Print AUTL objects *NO, *YES Optional
DIR Directory Path name Optional
SCHSUBDIR Search subdirectory *NO, *YES Optional
Top

Object type (OBJTYPE)

This is a required parameter.

The type of object to search for. For a complete list of object types, press the F4 key when prompting this parameter.

object-type
The type of object to be processed.
Top

Changed report only (CHGRPTONLY)

Specifies whether just the changed reports should be printed.

*NO
The full and changed reports are printed.
*YES
Only the changed report and the deleted reports are printed.
Top

Library (LIB)

This is a required parameter for all object types except *AUTL, *BLKSF, *CFGL, *CNNL, *COSD, *CTLD, *DEVD, *DIR, *DOC, *FLR, *LIB, *LIND, *MODD, *NWID, *NWSD, *SOCKET, *STMF, *SYMLNK, and *USRPRF.

The name of the library to search for objects to be included in the private authority report.

Top

Authority type (AUTTYPE)

Specifies whether object level authority, field level authority, or both object level and field level authority reports are generated. Field level authority information only applies to *FILE objects.

*OBJECT
Object level authority reports are generated for the specified objects.
*FIELD
For each data base file that has field level authorities a field level authority report is generated.

This value is only valid if *FILE is specified for the Object type (OBJTYPE) parameter.

*ALL
For each data base file that has field level authorities, a field level authority report is generated. Also, the object level authority reports for all the files in the specified library are generated.

This value is only valid if *FILE is specified for the Object type (OBJTYPE) parameter.

Top

Folder (FLR)

This is a required parameter if *DOC is specified for the Object type (OBJTYPE) parameter.

The name of the folder to search for documents to be included in the private authority report.

folder-name
The name of the folder to be searched.
Top

Print AUTL objects (AUTLOBJ)

Specifies whether the Display Authorization List Objects (DSPAUTLOBJ) command will be run for each of the authorization lists on the system. DSPAUTLOBJ provides a list of all the objects that are secured by a specific authorization list. This parameter is only used if the object type is *AUTL. It is ignored for all other object types.

*NO
The DSPAUTLOBJ command will not be run for each of the authorization lists on the system.
*YES
The DSPAUTLOBJ command will be run for each of the authorization lists on the system. The output for the command will be sent to the same output queue as the authorization list report.
Top

Directory (DIR)

This is a required parameter if *BLKSF, *DIR, *SOCKET, *STMF, or *SYMLNK is specified for the Object type (OBJTYPE) parameter.

The name of the directory to search for objects to be included in the private authority report. Only local objects in the Root, QOpenSys, and User-Defined file systems are supported.

directory-name
The name of the directory to be searched.
Top

Search subdirectory (SCHSUBDIR)

Specifies whether to search the subdirectories for objects to be included in the private authority report.

Note: This parameter is only used when OBJTYPE is *BLKSF, *DIR, *SOCKET, *STMF, or *SYMLNK.

*NO
The subdirectories are not searched.
*YES
The subdirectories are searched.
Top

Examples

PRTPVTAUT   OBJTYPE(*FILE)  LIB(PAYROLLLIB)

This command prints the full, changed, and deleted reports for all file objects in the library PAYROLLLIB.

Top

Error messages

*ESCAPE Messages

CPFB304
User does not have required special authorities.
CPFB307
Command &1 in use in another job.
Top