com.ibm.as400.access

Class QSYSPermission

  • All Implemented Interfaces:
    java.io.Serializable, java.lang.Cloneable


    public class QSYSPermission
    extends UserPermission

    The QSYSPermission class represents the permissions for the specified user of an object in the traditional IBM i library structure stored in QSYS.LIB.

    A object stored in QSYS.LIB can set its authorities by setting a single object authority value or by setting the individual object and data authorities.

    Use getObjectAuthority() to display the current object authority or setObjectAuthority() to set the current object authority using a single value. Valid values are: *ALL, *AUTL, *CHANGE, *EXCLUDE, and *USE.

    The detailed object authority can be set to one or more of the following values: alter, exist, management, operational, reference. Use the appropriate set methods (setAlter(), setExistence(), setManamagement(), setOperational(), or setReference()) to set the value on or off. After all values are set, use the commit() method from the Permission class to send the changes to the system.

    The data authority can be set to one or more of the following values: add, delete, execute, read, or update. Use the appropriate set methods (setAdd(), setDelete(), setExecute(), setRead(), or setUpdate()) to set the value on or off. After all the values are set, use the commit() method from the Permission class to send the changes to the system.

    The single authority actually represents a combination of the detailed object authorities and the data authorities. Selecting a single authority will automatically turn on the appropriate detailed authorities. Likewise, selecting various detailed authorities will change the appropriate single authority values.

    For more information on object authority commands, refer to IBM i CL commands GRTOBJAUT (Grant object authority) and EDTOBJAUT (Edit object authority).

    See Also:
    Serialized Form
    • Constructor Summary

      Constructors 
      Constructor and Description
      QSYSPermission(java.lang.String userProfileName)
      Constructs a QSYSPermission object.
    • Method Summary

      Methods 
      Modifier and Type Method and Description
      java.lang.String getObjectAuthority()
      Returns the object authority of the user specified as a single value.
      static boolean hasObjectAuthorities(AS400 system, java.lang.String userProfileName, java.lang.String objectPath, java.lang.String[] authorityList)
      Determines if the user has the given authorities to the object on the system.
      boolean isAdd()
      Indicates if the user has the data authority of add.
      boolean isAlter()
      Indicates if the user has the object authority of alter.
      boolean isDelete()
      Indicates if the user has the data authority of delete.
      boolean isExecute()
      Indicates if the user has the data authority of execute.
      boolean isExistence()
      Indicates if the user has the object authority of existence.
      boolean isManagement()
      Indicates if the user has the object authority of management.
      boolean isOperational()
      Indicates if the user has the object authority of operational.
      boolean isRead()
      Indicates if the user has the data authority of read.
      boolean isReference()
      Indicates if the user has the object authority of reference.
      boolean isUpdate()
      Indicates if the user has the data authority of update.
      void setAdd(boolean authority)
      Sets the add data authority.
      void setAlter(boolean authority)
      Sets the alter object authority.
      void setDelete(boolean authority)
      Sets the delete data authority.
      void setExecute(boolean authority)
      Sets the execute data authority.
      void setExistence(boolean authority)
      Sets the existence object authority.
      void setManagement(boolean authority)
      Sets the management object authority.
      void setObjectAuthority(java.lang.String authority)
      Sets the object authority of the user using a single value.
      void setOperational(boolean authority)
      Sets the operational object authority.
      void setRead(boolean authority)
      Sets the read data authority.
      void setReference(boolean authority)
      Sets the reference object authority.
      void setUpdate(boolean authority)
      Sets the update data authority.
      • Methods inherited from class java.lang.Object

        equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • QSYSPermission

        public QSYSPermission(java.lang.String userProfileName)
        Constructs a QSYSPermission object. This is the permission of the specified user.
        Parameters:
        userProfileName - The name of the user profile.
    >
    • Method Detail

      • getObjectAuthority

        public java.lang.String getObjectAuthority()
        Returns the object authority of the user specified as a single value.
        Returns:
        The object authority of the user specified as a single value. The possible values are:
        • *ALL The user can perform all operations on the object except for those limited to the owner or controlled by authorization list management authority. The user can control the object's existence, specify the security for the object, change the object, and perform basic functions on the object. The user can also change ownership of the object.
        • *AUTL The public authority of the authorization list securing the object will be used. This is valid only if *PUBLIC is the user specified.
        • *CHANGE The user can perform all operations on the object except those limited to the owner or controlled by object existence authority and object management authority.
        • *EXCLUDE The user cannot access the object.
        • *USE The user has object operational authority, read authority, and execute authority.
        See Also:
        setObjectAuthority(String)
      • hasObjectAuthorities

        public static boolean hasObjectAuthorities(AS400 system,
                                   java.lang.String userProfileName,
                                   java.lang.String objectPath,
                                   java.lang.String[] authorityList)
                                            throws AS400Exception,
                                                   AS400SecurityException,
                                                   ErrorCompletingRequestException,
                                                   java.lang.InterruptedException,
                                                   java.io.IOException,
                                                   ObjectDoesNotExistException
        Determines if the user has the given authorities to the object on the system. Returns true if the user has at least all of the specified authorities, and false otherwise.
        Parameters:
        system - The system.
        userProfileName - The name of the user profile.
        objectPath - The full path of the object. For example, "/QSYS.LIB/FRED.LIB".
        authorityList - The list of authorities. At least one authority must be specified. Possible authorities include:
         *EXCLUDE
         *ALL
         *CHANGE
         *USE
         *AUTLMGT
         *OBJALTER
         *OBJOPR
         *OBJMGT
         *OBJEXIST
         *OBJREF
         *READ
         *ADD
         *UPD
         *DLT
         *EXECUTE
         
        Returns:
        true if the user has all the specified authorities to the object.
        Throws:
        AS400Exception - If the system returns an error message.
        AS400SecurityException - If a security or authority error occurs.
        ErrorCompletingRequestException - If an error occurs before the request is completed.
        java.lang.InterruptedException - If this thread is interrupted.
        java.io.IOException - If an error occurs while communicating with the system.
        ObjectDoesNotExistException - If the object does not exist.
      • isAdd

        public boolean isAdd()
        Indicates if the user has the data authority of add.
        Returns:
        true if the user has the data authority of add; false otherwise.
      • isAlter

        public boolean isAlter()
        Indicates if the user has the object authority of alter.
        Returns:
        true if the user has the object authority of alter; false otherwise.
      • isDelete

        public boolean isDelete()
        Indicates if the user has the data authority of delete.
        Returns:
        true if the user has the data authority of delete; false otherwise.
      • isExecute

        public boolean isExecute()
        Indicates if the user has the data authority of execute.
        Returns:
        true if the user has the data authority of execute; false otherwise.
      • isExistence

        public boolean isExistence()
        Indicates if the user has the object authority of existence.
        Returns:
        true if the user has the object authority of existence; false otherwise.
      • isManagement

        public boolean isManagement()
        Indicates if the user has the object authority of management.
        Returns:
        true if the user has the object authority of management; false otherwise.
      • isOperational

        public boolean isOperational()
        Indicates if the user has the object authority of operational.
        Returns:
        true if the user has the object authority of operational; false otherwise.
      • isRead

        public boolean isRead()
        Indicates if the user has the data authority of read.
        Returns:
        true if the user has the data authority of read; false otherwise.
      • isReference

        public boolean isReference()
        Indicates if the user has the object authority of reference.
        Returns:
        true if the user has the object authority of reference; false otherwise.
      • isUpdate

        public boolean isUpdate()
        Indicates if the user has the data authority of update.
        Returns:
        true if the user has the data authority of update; false otherwise.
      • setAdd

        public void setAdd(boolean authority)
        Sets the add data authority.
        Parameters:
        authority - true to set the data authority of add on; false to set the data authority of add off.
      • setAlter

        public void setAlter(boolean authority)
        Sets the alter object authority.
        Parameters:
        authority - true to set the object authority of alter on; false to set the object authority of alter off.
      • setDelete

        public void setDelete(boolean authority)
        Sets the delete data authority.
        Parameters:
        authority - true to set the data authority of delete on; false to set the data authority of delete off.
      • setExecute

        public void setExecute(boolean authority)
        Sets the execute data authority.
        Parameters:
        authority - true to set the data authority of execute on; false to set the data authority of execute off.
      • setExistence

        public void setExistence(boolean authority)
        Sets the existence object authority.
        Parameters:
        authority - true to set the object authority of existence on; false to set the object authority of existence off.
      • setManagement

        public void setManagement(boolean authority)
        Sets the management object authority.
        Parameters:
        authority - true to set the object authority of management on; false to set the object authority of management off.
      • setObjectAuthority

        public void setObjectAuthority(java.lang.String authority)
        Sets the object authority of the user using a single value.
        Parameters:
        authority - The object authority of the user.

        Valid values are:

        • *ALL The user can perform all operations on the object except for those limited to the owner or controlled by authorization list management authority. The user can control the object's existence, specify the security for the object, change the object, and perform basic functions on the object. The user can also change ownership of the object.
        • *AUTL The public authority of the authorization list securing the object will be used. This is valid only if *PUBLIC is the user specified.
        • *CHANGE The user can perform all operations on the object except those limited to the owner or controlled by object existence authority and object management authority.
        • *EXCLUDE The user cannot access the object.
        • *USE The user has object operational authority, read authority, and execute authority.
      • setOperational

        public void setOperational(boolean authority)
        Sets the operational object authority.
        Parameters:
        authority - true to set the object authority of operational on; false to set the object authority of operational off.
      • setRead

        public void setRead(boolean authority)
        Sets the read data authority.
        Parameters:
        authority - true to set the data authority of read on; false to set the data authority of read off.
      • setReference

        public void setReference(boolean authority)
        Sets the reference object authority.
        Parameters:
        authority - true to set the object authority of reference on; false to set the object authority of reference off.
      • setUpdate

        public void setUpdate(boolean authority)
        Sets the update data authority.
        Parameters:
        authority - true to set the data authority of update on; false to set the data authority of update off.