Types of data authority

Listed here are the types of data authorities, or permissions, to grant users access to physical and logical files.

Read authority

Users can read the records in the file.

Add authority

Users can add new records to the file.

Update authority

Users can update existing records. (To read a record for update, you must also have read authority.)

Delete authority

Users can delete existing records. (To read a record for deletion, you must also have read authority.)

Execute authority

You can use execute authority to work with libraries and to start programs. For example, if you are changing a file associated with a trigger, you must have execute authority to the trigger program. If you do not have execute authority, the system will not start the trigger program.

Normally, the authority you have to the data in the file is not verified until you actually perform the input/output operation. However, the Open Query File (OPNQRYF) and Open Database File (OPNDBF) commands also verify data authority when the file is opened.

If object operational authority is not granted to a user for a file, the user cannot open the file.

The following example shows the relationship between authority granted for logical files and the physical files used by the logical file. The logical files LF1, LF2, and LF3 are based on the physical file PF1. USERA has read (*READ) and add (*ADD) authority to the data in PF1 and object operational (*OBJOPR), read (*READ), and add (*ADD) authority for LF1 and LF2. This means that USERA cannot open PF1 or use its data directly in any way because the user does not have object operational authority (*OBJOPR) to PF1; USERA can open LF1 and LF2 and read records from and add records to PF1 through LF1 and LF2.
Note: The user was not given authority for LF3 and, therefore, cannot use it.

Examples of files
Parent topic: Grant file and data authority
Related concepts
Trigger automatic events in your database