Security-related APIs
The i5/OS(TM) security-related APIs allow you to:
- Perform many of the security functions through a program interface. You can
use APIs instead of CL commands.
- Combine many individual jobs into a single server or overhead job without
compromising system security.
These APIs can be used to consolidate server jobs to reduce processing time
and storage use because the system performs job management tasks for only one
job. They also speed response time for system users.
For general information about system security, see the
Security topic.
The security-related APIs are:
- Add Verifier (QYDOADDV, QydoAddVerifier) adds a certificate to the local system's *SIGNATUREVERIFICATION certificate store that the local system can use later to verify the integrity of objects on the system.
- Change Previous Sign-On Date (QSYCHGPR) changes the previous sign-on date and time to the current date and time for the current user of the job.
- Change Service Tools User ID (QSYCHGDS) changes the ID name or the password (or both) for service tools user IDs.
- Change User Password (QSYCHGPW) changes a user's password.
- Change User Profile UID or GID (QSYCHGID) changes the user ID (UID) or group ID (GID) value for a user profile object.
- Check Encrypted User Password (QSYCUPWD) checks to see if the encrypted password data for the specified user profile on the system on which this API is run is the same as the encrypted password data for the user on the system where the Retrieve Encrypted User Password (QSYRUPWD) API was run.
- Check Profile Token User (QSYCHKTU, QsyChkPrfTknUser) verifies that the user profile associated with the token is the same as the current user profile in the thread.
- Check System (QYDOCHKS, QydoCheckSystem) checks the signatures of key operating system objects.
- Check User Authority to an Object (QSYCUSRA) returns an indication about a user's specified authority to an object.
- Check User Special Authorities (QSYCUSRS) returns an indication of a user's special authorities.
- Clear Job User Identity (QwtClearJuid()) clears any job user identity that was previously set by the QwtSetJuid() function or by the Set Job User Identity (QWTSJUID) API.
- Convert Authority Values to MI Value (QSYCVTA) converts authority values to the machine interface (MI) representation of the value.
- Generate Profile Token (QSYGENPT) verifies that the caller has authority to generate a profile token for the requested profile and then generates a profile token.
- Generate Profile Token (QsyGenPrfTkn) verifies that the caller has authority to generate a profile token for the requested profile and then generates a profile token.
- Generate Profile Token Extended (QsyGenPrfTknE) verifies that the caller has authority to generate a profile token for the requested profile and then generates a profile token.
- Generate Profile Token From Profile Token (QSYGENFT, QsyGenPrfTknFromPrfTkn) generates a profile token using an existing profile token.
- Get Profile Handle (QSYGETPH) validates a user ID and password, and creates an encrypted abbreviation called a profile handle for that user profile.
- Get Profile Handle (QsyGetProfileHandle) validates user IDs and passwords and creates a profile handle, for use in jobs that run under more than one user profile.
- Get Profile Handle No Password (QsyGetProfileHandleNoPwd) validates user IDs and creates a profile handle, for use in jobs that run under more than one user profile.
- Get Profile Token Time Out (QSYGETPT, QsyGetPrfTknTimeOut) gets the number of seconds until a profile token is not valid.
- Invalidate Profile Token (QSYINVPT, QsyInvalidatePrfTkn) invalidates a profile token.
- List Authorized Users (QSYLAUTU) puts a list of authorized users of the system in a user space.
- List Objects Secured by Authorization List (QSYLATLO) puts a list of objects secured by an authorization list in a user space.
- List Objects That Adopt Owner Authority (QSYLOBJP) puts a list of objects that adopt an owner's authority in a user space.
- List Objects User Is Authorized to, Owns, or Is Primary Group of (QSYLOBJA) puts a list of objects that a user is authorized to, owns, or is the primary group owner for into a user space.
- List Users Authorized to Object (QSYLUSRA) puts a list of users privately authorized to an object in a user space.
- Open List of Authorized Users (QGYOLAUS) provides information about the authorized users of the system.
- Release Profile Handle (QSYRLSPH, QsyReleaseProfileHandle) validates a given profile handle and then releases it.
- Remove All Profile Tokens (QsyRemoveAllPrfTkns) provides an interface to remove all profile tokens on the system.
- Remove All Profile Tokens For User (QsyRemoveAllPrfTknsForUser) provides an interface to remove all profile tokens that have been generated for a specific user profile.
- Remove Profile Token (QsyRemovePrfTkn) removes the specified profile token.
- Remove Profile Tokens (QSYRMVPT) provides an interface to remove all profile tokens that have been generated for user profiles on the system, or to remove all profile tokens that have been generated for a specific user profile.
- Reset Profile Attributes (QSYRESPA) resets four attributes of system-supplied user profiles.
- Retrieve Authorization List Information (QSYRTVAI) returns the number of entries in use for the specified authorization list.
- Retrieve Authorized Users (QSYRAUTU) returns a list of authorized user names on the system and information about those users.
- Retrieve Encrypted User Password (QSYRUPWD) returns to the caller the encrypted password for the specified user profile.
- Retrieve Object Signatures (QYDORTVO, QydoRetrieveDigitalSignatures) retrieves certificate information from a signed iSeries object.
- Retrieve Objects Secured by Authorization List (QGYRATLO) provides a list of objects that are secured by an authorization list.
- Retrieve Security Attributes (QSYRTVSA) retrieves information about the current and pending security attributes of the system.
- Retrieve User Authority to Object (QSYRUSRA) returns the user's authority to an object.
- Retrieve User Information (QSYRUSRI) returns the information about a user.
- Retrieve Users Authorized to an Object (QSYRTVUA) provides information about the users who are authorized to an object.
- Set Encrypted User Password (QSYSUPWD) sets the encrypted password for the specified user profile by using the receiver variable that was retrieved by the Retrieve Encrypted User Password (QSYRUPWD) API.
- Set Job User Identity (QWTSJUID) performs two operations that can be used to explicitly set the job user identity of the current job.
- Set Job User Identity (QwtSetJuid()) sets the job user identity of the current job to the name of the current user profile of the job.
- Set Profile Handle (QWTSETP, QsySetToProfileHandle) switches the job to run under a new profile.
- Set To Profile Token (QSYSETPT, QsySetToPrfTkn) validates the profile token and changes the current thread to run under the user and group profiles represented by the profile token.
- Sign Buffer (QYDOSGNB, QydoSignBuffer) allows the local system to certify that the series of bytes being signed is trustworthy.
- Sign Object (QYDOSGNO, QydoSignObject) allows the local system to certify that the object being signed is trustworthy as of the time the object is being signed.
- Verify Buffer (QYDOVFYB, QydoVerifyBuffer) allows the local system to verify that the series of bytes signed earlier has not been tampered with.
- Verify Object (QYDOVFYO, QydoVerifyObject) checks to see if an object has changed since it was signed.