eimQueryAccess()--Query EIM
Access
Syntax
#include <eim.h>
int eimQueryAccess(EimHandle * eim,
EimAccessUser * accessUser,
enum EimAccessType accessType,
char * registryName,
unsigned int * accessIndicator,
EimRC * eimrc)
Service Program Name: QSYS/QSYEIM
Default Public Authority: *USE
Threadsafe: Yes
The eimQueryAccess() function queries to see if the user
has the specified access.
Authorities and Locks
- EIM Data
- Access to EIM data is controlled by EIM access groups. LDAP administrators
also have access to EIM data. The access groups whose members have authority to
the EIM data for this API follow:
Parameters
- eim (Input)
- The EIM handle returned by a previous call to eimCreateHandle(). A valid
connection is required for this function.
- accessUser (Input)
- A structure that contains the user information for which to query
access.
| EIM_ACCESS_LOCAL_USER |
Indicates a local user name on the system that
the API is run. The local user name will be converted to the appropriate access
id for this system. |
| EIM_ACCESS_KERBEROS |
Indicates a kerberos principal. The kerberos
principal will be converted to the appropriate access id. For example,
petejones@therealm will be converted to ibm-kn=petejones@threalm. |
The EimAccessUser structure layout follows:
enum EimAccessUserType {
EIM_ACCESS_DN,
EIM_ACCESS_KERBEROS,
EIM_ACCESS_LOCAL_USER
};
typedef struct EimAccessUser
{
union {
char * dn;
char * kerberosPrincipal;
char * localUser;
} user;
enum EimAccessUserType userType;
} EimAccessUser;
- accessType (Input)
- The type of access to check. Valid values are:
| EIM_ACCESS_ADMIN (0) |
Administrative authority to the entire EIM
domain. |
| EIM_ACCESS_REG_ADMIN (1) |
Administrative authority to all registries in the
EIM domain. |
| EIM_ACCESS_REGISTRY (2) |
Administrative authority to the registry
specified in the registryName parameter. |
| EIM_ACCESS_IDENTIFIER_ADMIN
(3) |
Administrative authority to all of the
identifiers in the EIM domain. |
| EIM_ACCESS_MAPPING_LOOKUP (4) |
Authority to perform mapping lookup
operations. |
 EIM_ACCESS_CREDENTIAL_DATA (5) |
Authority to retrieve credential data. |
- registryName (Input)
- The name of the EIM registry for which to check access. This parameter is
only used if EimAccessType is EIM_ACCESS_REGISTRY.
- accessIndicator (Output)
- Indicator set to indicate if access found.
| EIM_ACCESS_NO (0) |
Access not found |
| EIM_ACCESS_YES (1) |
Access found. |
- eimrc (Input/Output)
- (Input/Output)
The structure in which to return error code information. If the return value
is not 0, eimrc is set with additional information. This parameter may be NULL.
For the format of the structure, see EimRC--EIM Return Code
Parameter.
The return value from the API. Following each return value is the list of
possible values for the messageCatalogMessageID field in the
eimrc parameter for that value.
- 0
- Request was successful.
- EACCES
- Access denied. Not enough permissions to access data.
| EIMERR_ACCESS (1) |
Insufficient access to EIM data. |
- EBADDATA
- eimrc is not valid.
- EBUSY
- Unable to allocate internal system object.
| EIMERR_NOLOCK (26) |
Unable to allocate internal system object. |
- ECONVERT
- Data conversion error.
| EIMERR_DATA_CONVERSION (13) |
Error occurred when converting data between code
pages. |
- EINVAL
- Input parameter was not valid.
| EIMERR_ACCESS_TYPE_INVAL (2) |
Access type is not valid. |
| EIMERR_ACCESS_USERTYPE_INVAL
(3) |
Access user type is not valid. |
| EIMERR_HANDLE_INVAL (17) |
EimHandle is not valid. |
| EIMERR_PARM_REQ (34) |
Missing required parameter. Please check API
documentation. |
| EIMERR_PTR_INVAL (35) |
Pointer parameter is not valid. |
| EIMERR_REG_MUST_BE_NULL (55) |
Registry name must be NULL when access type is
not EIM_ACCESS_REGISTRY. |
- ENOMEM
- Unable to allocate required space.
| EIMERR_NOMEM (27) |
No memory available. Unable to allocate required
space. |
- ENOTCONN
- LDAP connection has not been made.
| EIMERR_NOT_CONN (31) |
Not connected to LDAP. Use eimConnect() API and
try the request again. |
- EUNKNOWN
- Unexpected exception.
| EIMERR_LDAP_ERR (23) |
Unexpected LDAP error. %s |
| EIMERR_UNKNOWN (44) |
Unknown error or unknown system state. |
Related Information
Example
See Code disclaimer information
for information pertaining to code examples.
The following example checks to see if the user has the requested
access.
#include <eim.h>
#include <stdio.h>
int main(int argc, char *argv[])
{
int rc;
char eimerr[100];
EimRC * err;
EimHandle * handle;
EimAccessUser user;
unsigned int indicator;
/* Get eim handle from input arg. */
/* This handle is already connected to EIM. */
handle = (EimHandle *)argv[1];
/* Set up error structure. */
memset(eimerr,0x00,100);
err = (EimRC *)eimerr;
err->memoryProvidedByCaller = 100;
/* Set up access user info */
user.userType = EIM_ACCESS_DN;
user.user.dn="cn=pete,o=ibm,c=us";
/* Query access for this user. */
if (0 != (rc = eimQueryAccess(handle,
&user,
EIM_ACCESS_ADMIN,
NULL,
&indicator,
err)))
{
printf("Query access error = %d", rc);
return -1;
}
/* Print the results */
if (EIM_ACCESS_YES == indicator)
printf("Access found\n");
else
printf("Access not found\n");
return 0;
}
API introduced: V5R2