QSYSPermission is a subclass of the UserPermission class. QSYSPermission allows you to display and set the permission a user has for an object in the traditional iSeries™ library structure stored in QSYS.LIB. You can set authority for an object stored in QSYS.LIB by setting a system-defined authority value or by setting the individual object and data authorities.
The following table lists and describes the valid system-defined authority values:
| System-defined authority value | Description |
|---|---|
| *ALL | The user can perform all operations except those operations that are controlled by authorization list management. |
| *AUTL | The authorization list is used to determine the authority for the document. |
| *CHANGE | The user can change and perform basic functions on the object. |
| *EXCLUDE | The user cannot access the object. |
| *USE | The user has object operational authority, read authority, and execute authority. |
Each system-defined authority value actually represents a combination of the individual object authorities and data authorities. The following table illustrates the relationships of system-defined authorities to the individual object and data authorities:
| System-defined authority | Object authority | Data authority | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Opr | Mgt | Exist | Alter | Ref | Read | Add | Upd | Dlt | Exe | |
| All | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y |
| Change | Y | n | n | n | n | Y | Y | Y | Y | Y |
| Exclude | n | n | n | n | n | n | n | n | n | n |
| Use | Y | n | n | n | n | Y | n | n | n | Y |
| Autl | Only valid with user (*PUBLIC) and a specified authorization list that determines the individual object and data authorities. | |||||||||
Specifying a system-defined authority automatically assigns the appropriate individual authorities. Likewise, specifying various individual authorities changes the appropriate individual authority values. When a combination of individual object authorities and data authorities does not map to a single system-defined authority value, then the single value becomes "User Defined."
Use the getObjectAuthority() method to display the current system-defined authority. Use the setObjectAuthority() method to set the current system-defined authority using a single value.
Use the appropriate set method to set individual object authority values on or off:
Use the appropriate set method to set individual data authority values on or off:
For more information about the different authorities, see Chapter
5: Resource Security in the iSeries Security
Reference 
. For information about using iSeries CL commands to grant and edit
object authorities, see the iSeries CL commands Grant Object Authority (GRTOBJAUT) and Edit Object Authority (EDTOBJAUT).
Example
This example shows you how to retrieve and print the permissions for a QSYS object.
// Create a system object.
AS400 sys = new AS400("MYAS400", "USERID", "PASSWORD");
// Represent the permissions to a QSYS object.
Permission objectInQSYS = new Permission(sys, "/QSYS.LIB/FRED.LIB");
// Print the object pathname and retrieve its permissions.
System.out.println("Permissions on "+objectInQSYS.getObjectPath()+" are as follows:");
Enumeration enum = objectInQSYS.getUserPermissions();
while (enum.hasMoreElements())
{
// For each of the permissions, print out the user profile name
// and that user's authorities to the object.
QSYSPermission qsysPerm = (QSYSPermission)enum.nextElement();
System.out.println(qsysPerm.getUserID()+": "+qsysPerm.getObjectAuthority());
}