Check Object (CHKOBJ)

Where allowed to run: All environments (*ALL)
Threadsafe: Yes
Parameters
Examples
Error messages

The Check Object (CHKOBJ) command checks object existence and verifies the user's authority for the object before trying to access it. If the object exists and the user has the proper authority for the object, no error messages are sent to the user. For verification, as many as ten specific authorities can be specified on the command.

These checks are particularly useful before the user tries to access several objects at the same time. This command is also used to check the validity of object names contained in CL variables and to verify object authorizations under program control.

When the command runs, the system searches for the specified object. If the object is found, the system verifies that the user is authorized to that object as specified for the Authority (AUT) parameter. If the object is not found or the user does not have the authorities specified for the AUT parameter, an error message is sent to the user.

Top


 

Parameters

Keyword Description Choices Notes
OBJ Object Qualified object name Required, Positional 1
Qualifier 1: Object Name
Qualifier 2: Library Name, *LIBL, *CURLIB
OBJTYPE Object type *ALRTBL, *AUTL, *BNDDIR, *CFGL, *CHTFMT, *CLD, *CLS, *CMD, *CNNL, *COSD, *CRG, *CRQD, *CSI, *CSPMAP, *CSPTBL, *CTLD, *DEVD, *DOC, *DTAARA, *DTADCT, *DTAQ, *EDTD, *EXITRG, *FCT, *FILE, *FLR, *FNTRSC, *FNTTBL, *FORMDF, *FTR, *GSS, *IGCDCT, *IGCSRT, *IGCTBL, *IMGCLG, *IPXD, *JOBD, *JOBQ, *JOBSCD, *JRN, *JRNRCV, *LIB, *LIND, *LOCALE, *MEDDFN, *MENU, *MGTCOL, *MODD, *MODULE, *MSGF, *MSGQ, *M36, *M36CFG, *NODGRP, *NODL, *NTBD, *NWID, *NWSCFG, *NWSD, *OUTQ, *OVL, *PAGDFN, *PAGSEG, *PDFMAP, *PDG, *PGM, *PNLGRP, *PRDDFN, *PRDLOD, *PSFCFG, *QMFORM, *QMQRY, *QRYDFN, *RCT, *SBSD, *SCHIDX, *SPADCT, *SQLPKG, *SQLUDT, *SRVPGM, *SSND, *SVRSTG, *S36, *TBL, *TIMZON, *USRIDX, *USRPRF, *USRQ, *USRSPC, *VLDL, *WSCST Required, Positional 2
MBR Member, if data base file Name, *NONE, *FIRST Optional, Positional 3
AUT Authority Single values: *NONE, *ALL, *CHANGE, *USE, *EXCLUDE, *AUTLMGT
Other values (up to 10 repetitions): *OBJALTER, *OBJEXIST, *OBJMGT, *OBJOPR, *OBJREF, *ADD, *DLT, *EXECUTE, *READ, *UPD
Optional, Positional 4

Top

 

Object (OBJ)

Specifies the object to be checked.

This is a required parameter.

Qualifier 1: Object

name

Specify the name of the object to be checked.

Qualifier 2: Library

*LIBL

All libraries in the library list for the current thread are searched until the first match is found.

*CURLIB

The current library for the thread is searched. If no library is specified as the current library for the thread, the QGPL library is searched.

name

Specify the name of the library to be searched.

Top

 

Object type (OBJTYPE)

Specifies the object type of the object to be checked.

To see a complete list of object types when prompting this command, position the cursor on the field for this parameter and press F4 (Prompt). For a description of the object types, see "Object types" in the CL concepts and reference topic in the iSeries Information Center at http://www.ibm.com/eserver/iseries/infocenter.

This is a required parameter.

object-type

Specify the type of object to be checked.

Top

 

Member, if data base file (MBR)

Specifies the file member, if a member of a database file is to be checked.

The logical file member, and the physical file members on which it is based are checked.

*NONE

Database file members are not checked, but the existence and (optionally) the authority for the file are checked. For all other object types (including device files), *NONE is the only valid value for this parameter.

*FIRST

The first member of the specified file is used.

name

Specify a physical or logical file member to be checked. Values specified for the Object (OBJ) and Object type (OBJTYPE) parameters must identify a database file and the member specified must be a member of the database file specified for the OBJ parameter.

Top

 

Authority (AUT)

Specifies the authority to be checked or specifies an authorization list to be checked. This parameter can be specified as a single value or as a list of one or more elements.

Single values

*NONE

Authority is not checked.

*ALL

All (*ALL) authority provides the authority needed to perform all operations except those limited to the owner or controlled by authorization list management (*AUTLMGT) authority. You can control the object's existence, specify the security for the object, change the object, and perform basic functions on the object. You also can change ownership of the object.

*CHANGE

Change (*CHANGE) authority provides the authority needed to perform all operations on the object except those limited to the owner or controlled by object existence (*OBJEXIST) and object management (*OBJMGT) authorities. You can change and perform basic functions on the object. *CHANGE authority provides object operational (*OBJOPR) authority and all data authority. If the object is an authorization list, you cannot add, change, or remove users.

*EXCLUDE

Exclude authority prevents access to the object.

*AUTLMGT

Authorization list management (*AUTLMGT) authority provides the authority needed to add user names to the authorization list, change users' authorities on the authorization list, to remove user names from the authorization list, to rename an authorization list, or to create a duplicate authorization list.

You must use the object type of *AUTL when you specify *AUTLMGT authority.

Other values (up to 10 repetitions)

*OBJALTER

Object alter (*OBJALTER) authority provides the authority needed to alter the attributes of an object. If the user has this authority for a database file, the user can add and remove triggers, add and remove referential and unique constraints, and change the attributes of the database file. If the user has this authority for a SQL package, the user can change the attributes of the SQL package. This authority is currently only used for database files and SQL packages.

*OBJEXIST

Object existence (*OBJEXIST) authority provides the authority needed to control object ownership and existence. These authorities are necessary for a user who wants to delete, free storage, save, restore, or transfer ownership of an object. (If a you have save system (*SAVSYS) special authority, you do not need *OBJEXIST authority.)

*OBJMGT

Object management (*OBJMGT) authority provides the authority needed to specify the security for the object, move or rename the object, and add members to database files.

*OBJOPR

Object operational (*OBJOPR) authority provides the authority needed to look at the description of an object and to use the object as determined by the user's data authority for the object. *OBJOPR authority has no data authorities associated with it.

*OBJREF

Object reference (*OBJREF) authority provides the authority needed to reference an object from another object such that operations on that object may be restricted by the other object. If the user has this authority for a physical file, the user can add a referential constraint in which the physical file is the parent. This authority is currently only used for database files.

*ADD

Add authority (*ADD) provides the authority needed to add entries to an object (for example, job entries to a queue or records to a file).

*DLT

Delete (*DLT) authority provides authority needed to remove entries from an object.

*EXECUTE

Execute (*EXECUTE) authority provides the authority needed to run a program or locate an object in a library or directory.

*READ

Read (*READ) authority provides the authority needed to show the contents of an object.

*UPD

Update (*UPDATE) authority provides authority needed to change the entries in an object.

Top


 

Examples

Example 1: Checking for Existence of a Program

 CHKOBJ   OBJ(LIB1/PROG1)  OBJTYPE(*PGM)

This command checks for the existence of a program named PROG1 in library LIB1. Your authorities to PROG1 are not checked.

Example 2: Checking for User's Authority to File

 CHKOBJ   OBJ(SOURCE1)  OBJTYPE(*FILE)  MBR(MBR3)  AUT(*CHANGE)

This command checks for the existence of file SOURCE1 and for the existence of member MBR3 in file SOURCE1. It also checks to see if you have change (*CHANGE) authority to file SOURCE1.

Example 3: Checking for Your Authority to Program

 CHKOBJ   OBJ(LIB1/PROG1)  OBJTYPE(*PGM)  AUT(*CHANGE)

This command checks the existence of program PROG1 in library LIB1. It also checks to see if you have change (*CHANGE) authority to PROG1.

Example 4: Checking User's Authority to a Logical File Member

 CHKOBJ   OBJ(FILEA)  OBJTYPE(*FILE)  MBR(MBR1)  AUT(*USE)

This command checks your authority to use logical file member MBR1, and each physical file member on which MBR1 is based.

Example 5: Checking User's Add and Delete Authority

 CHKOBJ   OBJ(FILEA)  OBJTYPE(*FILE)  MBR(MBR1)  AUT(*ADD  *DLT)
MONMSG   MSGID(CPF9802)  EXEC(GOTO  ERROR1)

These two commands (CHKOBJ and MONMSG) are used to verify that you have both add (*ADD) and delete (*DLT) authorities for logical file FILEA and each of the physical file members on which the logical file member MBR1 in the logical file FILEA is based. If you do not have data authority for FILEA and each of the physical file members on which FILEA is based, escape message CPF9802 is sent to the program, and control in the program is passed to the command that has the label ERROR1.

Top


 

Error messages

*ESCAPE Messages

CPF9801

Object &2 in library &3 not found.

CPF9802

Not authorized to object &2 in &3.

CPF9810

Library &1 not found.

CPF9815

Member &5 file &2 in library &3 not found.

CPF9820

Not authorized to use library &1.

CPF9830

Cannot assign library &1.

CPF9899

Error occurred during processing of command.

Top