Check User Authority to an Object (QSYCUSRA) API


  Required Parameter Group:

1 Authority indicator Output Char(1)
2 User profile name Input Char(10)
3 Qualified object name Input Char(20)
4 Object type Input Char(10)
5 Authority Input Char(*)
6 Number of authorities Input Binary(4)
7 Call level Input Binary(4)
8 Error code I/O Char(*)

  Default Public Authority: *USE

  Threadsafe: Yes

The Check User Authority to Object (QSYCUSRA) API provides an indication of whether the user has the specified authority to an object.


Authorities and Locks

The following authority is required for the user calling this API, unless the user profile name parameter is *CURRENT or the name of the profile that is currently running, the caller owns the object, or the object is an authorization list:

If the user profile is *CURRENT or the name of the profile that is running currently, the authority to the user includes any authority specified on the object (private, group, authorization list, or public) plus any program adopted authority. If the user profile is not *CURRENT or the name of the profile that is running currently, the authority available to the user is the authority specified on the object.

Adopted authority is authority given to the user by the program for the duration of that program. If previous programs in the program stack adopt their owner's authority, the adopted authority for the current program is the accumulated adopted authority from all other programs in the program stack that adopt authority.


Required Parameter Group

Authority indicator
OUTPUT; CHAR(1)

Whether the user has the specified authority to the object. The field contains one of the following:

Y The user has the specified authority.
N The user does not have the specified authority.

User profile name
INPUT; CHAR(10)

The name of the user whose authority is checked.

You can specify the following special value:

*CURRENT Checks the authority of the current user to the specified object.

Qualified object name
INPUT; CHAR(20)

The name of the object whose authority is checked. The first 10 characters specify the object name; the second 10 characters specify the library. You can use these special values for the library name:

*CURLIB The current library is used to locate the object. If there is no current library, QGPL (general purpose library) is used.
*LIBL The library list is used to locate the object.

Object type
INPUT; CHAR(10)

The type of object whose authority is checked.

Authority
INPUT; CHAR(*)

The authority to check for. This parameter can contain up to eleven 10-character fields. The following identifies the type of authority the user has to the object:

*EXCLUDE Exclude authority. If this value is specified, no other values can be specified.
*ALL All authority.
*CHANGE Change authority.
*USE Use authority.
*AUTLMGT Authorization list management authority. This value is only valid if the object type is *AUTL.
*OBJALTER Object alter authority.
*OBJOPR Object operational authority.
*OBJMGT Object management authority.
*OBJEXIST Object existence authority.
*OBJREF Object reference authority.
*READ Read authority.
*ADD Add authority.
*UPD Update authority.
*DLT Delete authority.
*EXECUTE Execute authority.

Number of authorities
INPUT; BINARY(4)

The number of authorities specified in the authority parameter. You can specify 1 through 11 authorities.

Call level
INPUT; BINARY(4)

The number of call levels to back up in the program stack to do the authority check. For example, if the program that calls this API adopts authority, you would probably not want the authority check to use the adopted authority. Therefore, the authority check should be done at the call level previous to the current level. This parameter should then contain a 1. You can check the authority at the various call levels by signifying a numeric equivalent to the call level. For example, to check the authority at the current call level, specify a 0; to check the authority at the previous call level, specify a 1.

This parameter is only used if the user profile name parameter is *CURRENT or the current user for the job.

Error code
I/O; CHAR(*)

The structure in which to return error information. For the format of the structure, see Error Code Parameter.


Error Messages

Message ID Error Message Text
CPF22FA E Authority value &1 not valid.
CPF22FB E Must specify *EXCLUDE or *AUTL as only authority value.
CPF22F7 E Number of authorities must be between 1 and &1.
CPF22F9 E Call level &1 not valid.
CPF3C90 E Literal value cannot be changed.
CPF3CF1 E Error code parameter not valid.
CPF3C31 E Object type &1 is not valid.
CPF8122 E &8 damage on library &4.
CPF9801 E Object &2 in library &3 not found.
CPF9802 E Not authorized to object &2 in &3.
CPF9803 E Cannot allocate object &2 in library &3.
CPF9807 E One or more libraries in library list deleted.
CPF9808 E Cannot allocate one or more libraries on library list.
CPF9810 E Library &1 not found.
CPF9811 E Program &1 in library &2 not found.
CPF9812 E File &1 in library &2 not found.
CPF9814 E Device &1 not found.
CPF9820 E Not authorized to use library &1.
CPF9830 E Cannot assign library &1.
CPF9872 E Program or service program &1 in library &2 ended. Reason code &3.


API introduced: V2R2
Top | Security APIs | APIs by category