User profile authority

User profile authority

The user profile associated with target iSeries™ server jobs must be authorized to the equivalent CL commands before the DDM command can be processed. The target job's user profile must be authorized to use the CL commands listed here before DDM requests can be processed.

Table 1. User profile authority CL commands
DDM command received DDM command description Object type Authorized CL command

CHGDRC Change Current Directory FLR NONE
CHGFAT Change File Attributes PFILE LF DOC/FLR CHGPF CHGLF NONE
CLOSE Close File FILE DOC NONE ¹ NONE
CLRFIL Clear File FILE DOC NONE NONE
CLSDRC Close Directory FLR NONE
CPYFIL Copy File DOC NONE
CRTAIF Create Alternate Index File LF CRTLF
CRTDIRF Create Direct File PF CRTPF
CRTKEYF Create Key File PF CRTPF
CRTSEQF Create Sequential File PF CRTPF
CRTSTRF Create Stream File DOC NONE
CRTDRC Create Directory LIB FLR CRTLIB CRTFLR
DELFIL Delete File FILE DOC DLTF NONE
DELDRC Delete Directory LIB FLR DLTLIB NONE
GETDRCEN Get Directory Entry DOC/FLR NONE
LCKFIL Lock File FILE ALCOBJ
LODRECF Load (Put) Records to File FILE NONE ²
LSTFAT List File Attributes FILE DOC/FLR NONE ³ NONE
OPEN Open File FILE DOC NONE ¹ NONE
OPENDRC Open Directory FLR NONE
QRYSPC Query Space Available to User USRPRF NONE ⁴
RNMDRC Rename Directory FLR LIB NONE RNMOBJ
RNMFIL Rename File FILE DOC MBR RNMOBJ NONE RNMM
UNLFIL Unlock File FILE NONE ⁵
ULDRECF Unload Records From File FILE NONE ²

¹

Authorization to a command is not verified because there are means other than using a command interface by which iSeries users can open and close files.

²

Command authorization is not verified because there is not a direct, one-to-one mapping between a CL command and the DDM LODRECF/ULDRECF command.

³

Authorization to the DSPFD and DSPFFD commands is not verified because it cannot be determined which command should be verified. In addition, the conditions under which the DDM command was issued by the source server are not known.

⁴

The space available to a user can be obtained by issuing the DSPUSRPRF command, but this is only a small piece of the data available through the use of this command.

⁵

Authorization to the CL DLCOBJ command is not checked because if the remote user was able to allocate files, DDM must be able to deallocate them.

The following table is an explanation of the object type codes used in the preceding table.

Table 2. Object type codes definition
Object type Object type definition

DOC Document
FLR Folder
PF Physical file
LF Logical file
LIB Library
MBR Member
SRCF Source physical file
USRPRF User profile

Parent topic:
DDM commands and parameters

Object type	Object type definition
DOC	Document
FLR	Folder
PF	Physical file
LF	Logical file
LIB	Library
MBR	Member
SRCF	Source physical file
USRPRF	User profile