friedkiwi/ibm-information-center
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
master
ibm-information-center/dist/eclipse/plugins/i5OS.ic.apis_5.4.0.1/eimqueryaccess.htm

568 lines
18 KiB
HTML
Raw Permalink Blame History

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Copyright" content="Copyright (c) 2006 by IBM Corporation">
<title>eimQueryAccess()--Query EIM Access</title>
<!-- Begin header records -->
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<!-- Change History: -->
<!-- YYMMDD USERID Change description -->
<!-- Created by Therese Dalton on 17 July 2001 -->
<!-- Edited by Kersten Jan 02 -->
<!-- End Header Records -->
<link rel="stylesheet" type="text/css" href="../rzahg/ic.css">
</head>
<body>
<!--Java sync-link-->
<script type="text/javascript" language="javascript" src="../rzahg/synch.js">
</script>
<a name="Top_Of_Page"></a>
<!-- ============================================================== -->
<!-- -->
<!-- -->
<!-- ============================================================== -->
<h2> eimQueryAccess()--Query EIM
Access</h2>
<!-- ============================================================== -->
<!-- -->
<!-- S Y N T A X / P A R M T A B L E -->
<!-- -->
<!-- ============================================================== -->
<div class="box" style="width: 80%;">
<br>
&nbsp;&nbsp;Syntax
<pre>
#include &lt;eim.h&gt;
int eimQueryAccess(EimHandle * <em>eim</em>,
EimAccessUser * <em>accessUser</em>,
enum EimAccessType <em>accessType</em>,
char * <em>registryName</em>,
unsigned int * <em>accessIndicator</em>,
EimRC * <em>eimrc</em>)
</pre>
&nbsp;&nbsp;Service Program Name: QSYS/QSYEIM<br>
<!-- iddvc RMBR -->
<br>
&nbsp;&nbsp;Default Public Authority: *USE<br>
<!-- iddvc RMBR -->
<br>
&nbsp;&nbsp;Threadsafe: Yes<br>
<!-- iddvc RMBR -->
<br>
</div>
<!-- ============================================================== -->
<!-- -->
<!-- D E S C R I P T I O N -->
<!-- -->
<!-- ============================================================== -->
<p>The <strong>eimQueryAccess()</strong> function queries to see if the user
has the specified access.</p>
<br>
<!-- ============================================================== -->
<!-- -->
<!-- A U T H O R I T I E S A N D L O C K S -->
<!-- -->
<!-- ============================================================== -->
<h3>Authorities and Locks</h3>
<dl>
<dt><em>EIM Data</em></dt>
<dd>Access to EIM data is controlled by EIM access groups. LDAP administrators
also have access to EIM data. The access groups whose members have authority to
the EIM data for this API follow:
<ul>
<li>EIM Administrator</li>
</ul>
</dd>
</dl>
<br>
<!-- ============================================================== -->
<!-- -->
<!-- P A R A M E T E R S -->
<!-- -->
<!-- ============================================================== -->
<h3>Parameters</h3>
<dl><!-- ============================================================== -->
<!-- eim -->
<!-- ============================================================== -->
<dt><strong>eim</strong>&nbsp;&nbsp;(Input)</dt>
<dd>The EIM handle returned by a previous call to eimCreateHandle(). A valid
connection is required for this function.<br>
<br>
</dd>
<!-- ============================================================== -->
<!-- accessUser -->
<!-- ============================================================== -->
<dt><strong>accessUser</strong>&nbsp;&nbsp;(Input)</dt>
<dd>A structure that contains the user information for which to query
access.<br>
<br>
<table cellpadding="5">
<!-- cols="25 75" -->
<tr>
<td align="left" valign="top"><em>EIM_ACCESS_LOCAL_USER</em></td>
<td align="left" valign="top">Indicates a local user name on the system that
the API is run. The local user name will be converted to the appropriate access
id for this system.</td>
</tr>
<tr>
<td align="left" valign="top"><em>EIM_ACCESS_KERBEROS</em></td>
<td align="left" valign="top">Indicates a kerberos principal. The kerberos
principal will be converted to the appropriate access id. For example,
petejones@therealm will be converted to ibm-kn=petejones@threalm.</td>
</tr>
</table>
<p>The EimAccessUser structure layout follows:</p>
<pre>
enum EimAccessUserType {
EIM_ACCESS_DN,
EIM_ACCESS_KERBEROS,
EIM_ACCESS_LOCAL_USER
};
typedef struct EimAccessUser
{
union {
char * dn;
char * kerberosPrincipal;
char * localUser;
} user;
enum EimAccessUserType userType;
} EimAccessUser;
</pre>
</dd>
<!-- ============================================================== -->
<!-- accessType -->
<!-- ============================================================== -->
<dt><strong>accessType</strong>&nbsp;&nbsp;(Input)</dt>
<dd>The type of access to check. Valid values are:<br>
<br>
<table cellpadding="5">
<!-- cols="35 65" -->
<tr>
<td align="left" valign="top"><em>EIM_ACCESS_ADMIN (0)</em></td>
<td align="left" valign="top">Administrative authority to the entire EIM
domain.</td>
</tr>
<tr>
<td align="left" valign="top"><em>EIM_ACCESS_REG_ADMIN (1)</em></td>
<td align="left" valign="top">Administrative authority to all registries in the
EIM domain.</td>
</tr>
<tr>
<td align="left" valign="top"><em>EIM_ACCESS_REGISTRY (2)</em></td>
<td align="left" valign="top">Administrative authority to the registry
specified in the <em>registryName</em> parameter.</td>
</tr>
<tr>
<td align="left" valign="top" nowrap><em>EIM_ACCESS_IDENTIFIER_ADMIN
(3)</em></td>
<td align="left" valign="top">Administrative authority to all of the
identifiers in the EIM domain.</td>
</tr>
<tr>
<td align="left" valign="top"><em>EIM_ACCESS_MAPPING_LOOKUP (4)</em></td>
<td align="left" valign="top">Authority to perform mapping lookup
operations.</td>
</tr>
<tr>
<td align="left" valign="top"><em><img src="delta.gif" alt="Start of change">EIM_ACCESS_CREDENTIAL_DATA (5)</em></td>
<td align="left" valign="top">Authority to retrieve credential data.<img src="deltaend.gif" alt="End of change"></td>
</tr>
</table>
<br>
</dd>
<!-- ============================================================== -->
<!-- registryName -->
<!-- ============================================================== -->
<dt><strong>registryName</strong>&nbsp;&nbsp;(Input)</dt>
<dd>The name of the EIM registry for which to check access. This parameter is
only used if EimAccessType is EIM_ACCESS_REGISTRY.<br>
<br>
</dd>
<!-- ============================================================== -->
<!-- accessIndicator -->
<!-- ============================================================== -->
<dt><strong>accessIndicator</strong>&nbsp;&nbsp;(Output)</dt>
<dd>Indicator set to indicate if access found.<br>
<br>
<table cellpadding="5">
<!-- cols="25 75" -->
<tr>
<td align="left" valign="top"><em>EIM_ACCESS_NO (0)</em></td>
<td align="left" valign="top">Access not found</td>
</tr>
<tr>
<td align="left" valign="top"><em>EIM_ACCESS_YES (1)</em></td>
<td align="left" valign="top">Access found.</td>
</tr>
</table>
<br>
</dd>
<!-- ============================================================== -->
<!-- eimrc -->
<!-- ============================================================== -->
<dt><strong>eimrc</strong>&nbsp;&nbsp;(Input/Output)</dt>
<dd>(Input/Output)
<p>The structure in which to return error code information. If the return value
is not 0, eimrc is set with additional information. This parameter may be NULL.
For the format of the structure, see <a href="eimrc.htm">EimRC--EIM Return Code
Parameter</a>.<br>
<br>
</p>
</dd>
</dl>
<br>
<!-- ============================================================== -->
<!-- -->
<!-- R E T U R N V A L U E -->
<!-- -->
<!-- ============================================================== -->
<h3><a name="Header_4">Return Value</a></h3>
<p>The return value from the API. Following each return value is the list of
possible values for the <samp>messageCatalogMessageID</samp> field in the
<em>eimrc</em> parameter for that value.</p>
<dl><!-- ============================================================== -->
<!-- 0 -->
<!-- ============================================================== -->
<dt><strong>0</strong></dt>
<dd>Request was successful.<br>
<br>
</dd>
<!-- ============================================================== -->
<!-- EACCES -->
<!-- ============================================================== -->
<dt><strong>EACCES</strong></dt>
<dd>Access denied. Not enough permissions to access data.<br>
<br>
<table cellpadding="5">
<!-- cols="25 75" -->
<tr>
<td align="left" valign="top"><em>EIMERR_ACCESS (1)</em></td>
<td align="left" valign="top">Insufficient access to EIM data.</td>
</tr>
</table>
<br>
</dd>
<!-- ============================================================== -->
<!-- EBADDATA -->
<!-- ============================================================== -->
<dt><strong>EBADDATA</strong></dt>
<dd>eimrc is not valid.<br>
<br>
</dd>
<!-- ============================================================== -->
<!-- EBUSY -->
<!-- ============================================================== -->
<dt><strong>EBUSY</strong></dt>
<dd>Unable to allocate internal system object.<br>
<br>
<table cellpadding="5">
<!-- cols="25 75" -->
<tr>
<td align="left" valign="top"><em>EIMERR_NOLOCK (26)</em></td>
<td align="left" valign="top">Unable to allocate internal system object.</td>
</tr>
</table>
<br>
</dd>
<!-- ============================================================== -->
<!-- ECONVERT -->
<!-- ============================================================== -->
<dt><strong>ECONVERT</strong></dt>
<dd>Data conversion error.<br>
<br>
<table cellpadding="5">
<!-- cols="35 65" -->
<tr>
<td align="left" valign="top"><em>EIMERR_DATA_CONVERSION (13)</em></td>
<td align="left" valign="top">Error occurred when converting data between code
pages.</td>
</tr>
</table>
<br>
</dd>
<!-- ============================================================== -->
<!-- EINVAL -->
<!-- ============================================================== -->
<dt><strong>EINVAL</strong></dt>
<dd>Input parameter was not valid.<br>
<br>
<table cellpadding="5">
<!-- cols="40 60" -->
<tr>
<td align="left" valign="top"><em>EIMERR_ACCESS_TYPE_INVAL (2)</em></td>
<td align="left" valign="top">Access type is not valid.</td>
</tr>
<tr>
<td align="left" valign="top" nowrap><em>EIMERR_ACCESS_USERTYPE_INVAL
(3)</em></td>
<td align="left" valign="top">Access user type is not valid.</td>
</tr>
<tr>
<td align="left" valign="top"><em>EIMERR_HANDLE_INVAL (17)</em></td>
<td align="left" valign="top">EimHandle is not valid.</td>
</tr>
<tr>
<td align="left" valign="top"><em>EIMERR_PARM_REQ (34)</em></td>
<td align="left" valign="top">Missing required parameter. Please check API
documentation.</td>
</tr>
<tr>
<td align="left" valign="top"><em>EIMERR_PTR_INVAL (35)</em></td>
<td align="left" valign="top">Pointer parameter is not valid.</td>
</tr>
<tr>
<td align="left" valign="top"><em>EIMERR_REG_MUST_BE_NULL (55)</em></td>
<td align="left" valign="top">Registry name must be NULL when access type is
not EIM_ACCESS_REGISTRY.</td>
</tr>
</table>
<br>
</dd>
<!-- ============================================================== -->
<!-- ENOMEM -->
<!-- ============================================================== -->
<dt><strong>ENOMEM</strong></dt>
<dd>Unable to allocate required space.<br>
<br>
<table cellpadding="5">
<!-- cols="25 75" -->
<tr>
<td align="left" valign="top"><em>EIMERR_NOMEM (27)</em></td>
<td align="left" valign="top">No memory available. Unable to allocate required
space.</td>
</tr>
</table>
<br>
</dd>
<!-- ============================================================== -->
<!-- ENOTCONN -->
<!-- ============================================================== -->
<dt><strong>ENOTCONN</strong></dt>
<dd>LDAP connection has not been made.<br>
<br>
<table cellpadding="5">
<!-- cols="25 75" -->
<tr>
<td align="left" valign="top"><em>EIMERR_NOT_CONN (31)</em></td>
<td align="left" valign="top">Not connected to LDAP. Use eimConnect() API and
try the request again.</td>
</tr>
</table>
<br>
</dd>
<!-- ============================================================== -->
<!-- EUNKNOWN -->
<!-- ============================================================== -->
<dt><strong>EUNKNOWN</strong></dt>
<dd>Unexpected exception.<br>
<br>
<table cellpadding="5">
<!-- cols="25 75" -->
<tr>
<td align="left" valign="top"><em>EIMERR_LDAP_ERR (23)</em></td>
<td align="left" valign="top">Unexpected LDAP error. %s</td>
</tr>
<tr>
<td align="left" valign="top"><em>EIMERR_UNKNOWN (44)</em></td>
<td align="left" valign="top">Unknown error or unknown system state.</td>
</tr>
</table>
</dd>
</dl>
<br>
<!-- ============================================================== -->
<!-- -->
<!-- U S A G E N O T E S -->
<!-- -->
<!-- ============================================================== -->
<!-- ============================================================== -->
<!-- -->
<!-- R E L A T E D I N F O R M A T I O N -->
<!-- -->
<!-- ============================================================== -->
<h3>Related Information</h3>
<ul>
<li><a href="eimaddaccess.htm">eimAddAccess()</a> --Add EIM Access<br>
<br>
</li>
<li><a href="eimremoveaccess.htm">eimRemoveAccess()</a> --Remove EIM Access<br>
<br>
</li>
<li><a href="eimlistuseraccess.htm">eimListUserAccess()</a> --List EIM User
Access<br>
<br>
</li>
<li><a href="eimlistaccess.htm">eimListAccess()</a> --List EIM Access<br>
<br>
</li>
</ul>
<br>
<!-- ============================================================== -->
<!-- -->
<!-- E X A M P L E -->
<!-- -->
<!-- ============================================================== -->
<h3>Example</h3>
<p>See <a href="../apiref/aboutapis.htm#codedisclaimer">Code disclaimer information</a>
for information pertaining to code examples.</p>
<p>The following example checks to see if the user has the requested
access.</p>
<pre>
#include &lt;eim.h&gt;
#include &lt;stdio.h&gt;
int main(int argc, char *argv[])
{
int rc;
char eimerr[100];
EimRC * err;
EimHandle * handle;
EimAccessUser user;
unsigned int indicator;
<em>/* Get eim handle from input arg. */</em>
<em>/* This handle is already connected to EIM. */</em>
handle = (EimHandle *)argv[1];
<em>/* Set up error structure. */</em>
memset(eimerr,0x00,100);
err = (EimRC *)eimerr;
err-&gt;memoryProvidedByCaller = 100;
<em>/* Set up access user info */</em>
user.userType = EIM_ACCESS_DN;
user.user.dn="cn=pete,o=ibm,c=us";
<em>/* Query access for this user. */</em>
if (0 != (rc = eimQueryAccess(handle,
&amp;user,
EIM_ACCESS_ADMIN,
NULL,
&amp;indicator,
err)))
{
printf("Query access error = %d", rc);
return -1;
}
<em>/* Print the results */</em>
if (EIM_ACCESS_YES == indicator)
printf("Access found\n");
else
printf("Access not found\n");
return 0;
}
</pre>
<br>
<!-- ============================================================== -->
<!-- -->
<!-- F O O T E R -->
<!-- -->
<!-- ============================================================== -->
<hr>
API introduced: V5R2
<hr>
<center>
<table cellpadding="2" cellspacing="2">
<tr align="center">
<td valign="middle" align="center"><a href="#Top_Of_Page">Top</a> | <a href=
"sec.htm">Security APIs</a> | <a href="aplist.htm">APIs by category</a></td>
</tr>
</table>
</center>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink