Types of object authority

Listed here are the types of object authority to grant users access to database files.

Object operational authority

Users need object operational authority to:
  • Open the file for processing. (You must also have at least one data authority.)
  • Compile a program which uses the file description.
  • Display descriptive information about active members of a file.
  • Open the file for query processing. For example, the Open Query File (OPNQRYF) command opens a file for query processing.
Note: You must also have the appropriate data authorities required by the options specified on the open operation.

Object existence authority

Users need object existence authority to:
  • Delete the file.
  • Save, restore, and free the storage of the file. If the object existence authority has not been explicitly granted to the user, the *SAVSYS special user authority allows the user to save, restore, and free the storage of a file. *SAVSYS is not the same as object existence authority.
  • Remove members from the file.
  • Transfer ownership of the file.
Note: All these functions except save/restore also require object operational authority to the file.

Object management authority

Users need object management authority to:
  • Create a logical file with a keyed sequence access path (object management authority is required for the physical file referred to by the logical file).
  • Grant and revoke authority. You can grant and revoke only the authority that you already have. (You must also have object operational authority to the file.)
  • Change the file.
  • Add members to the file. (The owner of the file becomes the owner of the new member.)
  • Change the member in the file.
  • Move the file.
  • Rename the file.
  • Rename a member of the file.
  • Clear a member of the file. (Delete data authority is also required.)
  • Initialize a member of the file. (Add data authority is also required to initialize with default records; delete data authority is required to initialize with deleted records.)
  • Reorganize a member of the file. (All data authorities are also required.)

Object alter authority

Users need object alter authority for many of the same operations as object management authority (see preceding section). Object alter authority is a replacement authority for object management authority.

Object reference authority

Users need object reference authority to refer to an object from another object so that the operations on that object can be restricted by the referencing object.

Adding a physical file referential constraint checks for either object management authority or object reference authority to the parent file.

Parent topic: Grant file and data authority
Related concepts
Control the integrity of your database with constraints
Ensure data integrity with referential constraints