System i: Authorities required for file operations

Authorities required for file operations

This topic lists the file object authority and data authority required for file functions.
Table 1 lists the file object authority required for file functions. Table 2 lists the data authority required for file functions. This is the same information that was presented in the previous two sections, but it is listed by function rather than by authority.

Table 1. Object authority required for file operations. The file object authority required for file functions
Function Object operational Object existence Object management Object reference Object alter

Open, I/O, close file¹ X
Compile a program using the file description X
Display file description X
Delete file X X
Save/restore X
Transfer ownership X X
Grant/revoke authority X X
Change file description X X
Move file X X
Rename file X X
Replace file X X X
Refer to another file ² X X
Add or remove file constraints ³ X X
Add or remove triggers ⁴ X X
Change attributes ⁵ X X
Notes:

¹

For device files that are not using spooling, also have object operational and all data authorities to the device.

²

For database files only.

³

For database files only. Parent files need object management or object reference authority. Dependent files need object management or object alter authority.

⁴

For database files only. Files need object management or object alter authority.

⁵

For database files and SQL packages only. Files need object management or object alter authority.

Table 2. Data authority required for file operations. The data authority required for file functions.
Function Execute Read Add Update Delete

Open, I/O, close file¹ X X² X³ X³
Compile a program using the file description X
Run a program or locate an object in a library X
Display file description X
Replace file X
Add or remove triggers ⁴ X X⁵ X⁶ X⁷
Notes:

¹

For device files that are not using spooling, also have object operational and all data authorities to the device.

²

Open for output for database and save files.

³

Open for update or delete for database files.

⁴

For database files only.

⁵

Add authority required in addition to Read authority for inserting triggers.

⁶

Update authority required in addition to Read authority for updating triggers.

⁷

Delete authority required in addition to Read authority for deleting triggers.

Parent topic:
Security

Function	Object operational	Object existence	Object management	Object reference	Object alter
Open, I/O, close file¹	X
Compile a program using the file description	X
Display file description	X
Delete file	X	X
Save/restore		X
Transfer ownership	X	X
Grant/revoke authority	X		X
Change file description	X		X
Move file	X		X
Rename file	X		X
Replace file	X	X	X
Refer to another file ²			X	X
Add or remove file constraints ³			X		X
Add or remove triggers ⁴			X		X
Change attributes ⁵			X		X
Notes: ¹ For device files that are not using spooling, also have object operational and all data authorities to the device. ² For database files only. ³ For database files only. Parent files need object management or object reference authority. Dependent files need object management or object alter authority. ⁴ For database files only. Files need object management or object alter authority. ⁵ For database files and SQL packages only. Files need object management or object alter authority.

Function	Execute	Read	Add	Update	Delete
Open, I/O, close file¹		X	X²	X³	X³
Compile a program using the file description		X
Run a program or locate an object in a library	X
Display file description		X
Replace file		X
Add or remove triggers ⁴		X	X⁵	X⁶	X⁷
Notes: ¹ For device files that are not using spooling, also have object operational and all data authorities to the device. ² Open for output for database and save files. ³ Open for update or delete for database files. ⁴ For database files only. ⁵ Add authority required in addition to Read authority for inserting triggers. ⁶ Update authority required in addition to Read authority for updating triggers. ⁷ Delete authority required in addition to Read authority for deleting triggers.