com.ibm.as400.access
Class QSYSPermission

java.lang.Object
  extended by com.ibm.as400.access.UserPermission
      extended by com.ibm.as400.access.QSYSPermission
All Implemented Interfaces:
Serializable, Cloneable

public class QSYSPermission
extends UserPermission

The QSYSPermission class represents the permissions for the specified user of an object in the traditional IBM i library structure stored in QSYS.LIB.

A object stored in QSYS.LIB can set its authorities by setting a single object authority value or by setting the individual object and data authorities.

Use getObjectAuthority() to display the current object authority or setObjectAuthority() to set the current object authority using a single value. Valid values are: *ALL, *AUTL, *CHANGE, *EXCLUDE, and *USE.

The detailed object authority can be set to one or more of the following values: alter, exist, management, operational, reference. Use the appropriate set methods (setAlter(), setExistence(), setManamagement(), setOperational(), or setReference()) to set the value on or off. After all values are set, use the commit() method from the Permission class to send the changes to the system.

The data authority can be set to one or more of the following values: add, delete, execute, read, or update. Use the appropriate set methods (setAdd(), setDelete(), setExecute(), setRead(), or setUpdate()) to set the value on or off. After all the values are set, use the commit() method from the Permission class to send the changes to the system.

The single authority actually represents a combination of the detailed object authorities and the data authorities. Selecting a single authority will automatically turn on the appropriate detailed authorities. Likewise, selecting various detailed authorities will change the appropriate single authority values.

For more information on object authority commands, refer to IBM i CL commands GRTOBJAUT (Grant object authority) and EDTOBJAUT (Edit object authority).

See Also:
Serialized Form

Field Summary
 
Fields inherited from class com.ibm.as400.access.UserPermission
GROUPINDICATOR_GROUP, GROUPINDICATOR_SPECIALVALUE, GROUPINDICATOR_USER
 
Constructor Summary
QSYSPermission(String userProfileName)
          Constructs a QSYSPermission object.
 
Method Summary
 String getObjectAuthority()
          Returns the object authority of the user specified as a single value.
static boolean hasObjectAuthorities(AS400 system, String userProfileName, String objectPath, String[] authorityList)
          Determines if the user has the given authorities to the object on the system.
 boolean isAdd()
          Indicates if the user has the data authority of add.
 boolean isAlter()
          Indicates if the user has the object authority of alter.
 boolean isDelete()
          Indicates if the user has the data authority of delete.
 boolean isExecute()
          Indicates if the user has the data authority of execute.
 boolean isExistence()
          Indicates if the user has the object authority of existence.
 boolean isManagement()
          Indicates if the user has the object authority of management.
 boolean isOperational()
          Indicates if the user has the object authority of operational.
 boolean isRead()
          Indicates if the user has the data authority of read.
 boolean isReference()
          Indicates if the user has the object authority of reference.
 boolean isUpdate()
          Indicates if the user has the data authority of update.
 void setAdd(boolean authority)
          Sets the add data authority.
 void setAlter(boolean authority)
          Sets the alter object authority.
 void setDelete(boolean authority)
          Sets the delete data authority.
 void setExecute(boolean authority)
          Sets the execute data authority.
 void setExistence(boolean authority)
          Sets the existence object authority.
 void setManagement(boolean authority)
          Sets the management object authority.
 void setObjectAuthority(String authority)
          Sets the object authority of the user using a single value.
 void setOperational(boolean authority)
          Sets the operational object authority.
 void setRead(boolean authority)
          Sets the read data authority.
 void setReference(boolean authority)
          Sets the reference object authority.
 void setUpdate(boolean authority)
          Sets the update data authority.
 
Methods inherited from class com.ibm.as400.access.UserPermission
clone, getGroupIndicator, getUserID, isAuthorizationListManagement, isFromAuthorizationList, setAuthorizationListManagement, setFromAuthorizationList
 
Methods inherited from class java.lang.Object
equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

QSYSPermission

public QSYSPermission(String userProfileName)
Constructs a QSYSPermission object. This is the permission of the specified user.

Parameters:
userProfileName - The name of the user profile.
Method Detail

getObjectAuthority

public String getObjectAuthority()
Returns the object authority of the user specified as a single value.

Returns:
The object authority of the user specified as a single value. The possible values are:
  • *ALL The user can perform all operations on the object except for those limited to the owner or controlled by authorization list management authority. The user can control the object's existence, specify the security for the object, change the object, and perform basic functions on the object. The user can also change ownership of the object.
  • *AUTL The public authority of the authorization list securing the object will be used. This is valid only if *PUBLIC is the user specified.
  • *CHANGE The user can perform all operations on the object except those limited to the owner or controlled by object existence authority and object management authority.
  • *EXCLUDE The user cannot access the object.
  • *USE The user has object operational authority, read authority, and execute authority.
See Also:
setObjectAuthority(String)

hasObjectAuthorities

public static boolean hasObjectAuthorities(AS400 system,
                                           String userProfileName,
                                           String objectPath,
                                           String[] authorityList)
                                    throws AS400Exception,
                                           AS400SecurityException,
                                           ErrorCompletingRequestException,
                                           InterruptedException,
                                           IOException,
                                           ObjectDoesNotExistException
Determines if the user has the given authorities to the object on the system. Returns true if the user has at least all of the specified authorities, and false otherwise.

Parameters:
system - The system.
userProfileName - The name of the user profile.
objectPath - The full path of the object. For example, "/QSYS.LIB/FRED.LIB".
authorityList - The list of authorities. At least one authority must be specified. Possible authorities include:
 *EXCLUDE
 *ALL
 *CHANGE
 *USE
 *AUTLMGT
 *OBJALTER
 *OBJOPR
 *OBJMGT
 *OBJEXIST
 *OBJREF
 *READ
 *ADD
 *UPD
 *DLT
 *EXECUTE
 
Returns:
true if the user has all the specified authorities to the object.
Throws:
AS400Exception - If the system returns an error message.
AS400SecurityException - If a security or authority error occurs.
ErrorCompletingRequestException - If an error occurs before the request is completed.
InterruptedException - If this thread is interrupted.
IOException - If an error occurs while communicating with the system.
ObjectDoesNotExistException

isAdd

public boolean isAdd()
Indicates if the user has the data authority of add.

Returns:
true if the user has the data authority of add; false otherwise.

isAlter

public boolean isAlter()
Indicates if the user has the object authority of alter.

Returns:
true if the user has the object authority of alter; false otherwise.

isDelete

public boolean isDelete()
Indicates if the user has the data authority of delete.

Returns:
true if the user has the data authority of delete; false otherwise.

isExecute

public boolean isExecute()
Indicates if the user has the data authority of execute.

Returns:
true if the user has the data authority of execute; false otherwise.

isExistence

public boolean isExistence()
Indicates if the user has the object authority of existence.

Returns:
true if the user has the object authority of existence; false otherwise.

isManagement

public boolean isManagement()
Indicates if the user has the object authority of management.

Returns:
true if the user has the object authority of management; false otherwise.

isOperational

public boolean isOperational()
Indicates if the user has the object authority of operational.

Returns:
true if the user has the object authority of operational; false otherwise.

isRead

public boolean isRead()
Indicates if the user has the data authority of read.

Returns:
true if the user has the data authority of read; false otherwise.

isReference

public boolean isReference()
Indicates if the user has the object authority of reference.

Returns:
true if the user has the object authority of reference; false otherwise.

isUpdate

public boolean isUpdate()
Indicates if the user has the data authority of update.

Returns:
true if the user has the data authority of update; false otherwise.

setAdd

public void setAdd(boolean authority)
Sets the add data authority.

Parameters:
authority - true to set the data authority of add on; false to set the data authority of add off.

setAlter

public void setAlter(boolean authority)
Sets the alter object authority.

Parameters:
authority - true to set the object authority of alter on; false to set the object authority of alter off.

setDelete

public void setDelete(boolean authority)
Sets the delete data authority.

Parameters:
authority - true to set the data authority of delete on; false to set the data authority of delete off.

setExecute

public void setExecute(boolean authority)
Sets the execute data authority.

Parameters:
authority - true to set the data authority of execute on; false to set the data authority of execute off.

setExistence

public void setExistence(boolean authority)
Sets the existence object authority.

Parameters:
authority - true to set the object authority of existence on; false to set the object authority of existence off.

setManagement

public void setManagement(boolean authority)
Sets the management object authority.

Parameters:
authority - true to set the object authority of management on; false to set the object authority of management off.

setObjectAuthority

public void setObjectAuthority(String authority)
Sets the object authority of the user using a single value.

Parameters:
authority - The object authority of the user.

Valid values are:

  • *ALL The user can perform all operations on the object except for those limited to the owner or controlled by authorization list management authority. The user can control the object's existence, specify the security for the object, change the object, and perform basic functions on the object. The user can also change ownership of the object.
  • *AUTL The public authority of the authorization list securing the object will be used. This is valid only if *PUBLIC is the user specified.
  • *CHANGE The user can perform all operations on the object except those limited to the owner or controlled by object existence authority and object management authority.
  • *EXCLUDE The user cannot access the object.
  • *USE The user has object operational authority, read authority, and execute authority.

setOperational

public void setOperational(boolean authority)
Sets the operational object authority.

Parameters:
authority - true to set the object authority of operational on; false to set the object authority of operational off.

setRead

public void setRead(boolean authority)
Sets the read data authority.

Parameters:
authority - true to set the data authority of read on; false to set the data authority of read off.

setReference

public void setReference(boolean authority)
Sets the reference object authority.

Parameters:
authority - true to set the object authority of reference on; false to set the object authority of reference off.

setUpdate

public void setUpdate(boolean authority)
Sets the update data authority.

Parameters:
authority - true to set the data authority of update on; false to set the data authority of update off.