object show
Shows values for the protected object.
If the protected object name specified does not exist, default values are shown. To determine whether a protected object exists, use the object show command.
Requires authentication (administrator ID and password) to use.
object show object_name [attribute attribute_name]
The object show command shows values associated with the protected object. The object values shown can include:
- ACLs.
- POPs.
- Authorization rules.
- Extended attributes, such as attribute name and value pairs.
These extended attributes can be attached directly to the object or inherited from protected objects in the hierarchy of this object.
When the attribute option is specified, the attribute_name value or values are shown if the attribute is attached to the protected object specified.
This command limits the output for POPs, ACLs, and authorization rules, which are based on the permissions of the user. A user must have the view (v) permission on the object to show it.
Options
- object_name
- Protected object. The specified protected object is the fully qualified name of the object, including the object space within which it is located.
Examples of object names are:
- /Management/Groups/Travel
- /WebSEAL
- /Management
- attribute attribute_name
- Name of the extended attribute whose values are to be displayed. (Optional) The extended attribute must exist for the object name specified, or an error is displayed. In the example that is listed for the /object-text object in Examples, the following extended attributes are shown:
- test1
- test2
- abc
Return codes
- 0
- The command completed successfully.
- 1
- The command failed. When a command fails, the pdadmin command provides a description of the error and an error status code in hexadecimal format (for example, 0x14c012f2). See "Error messages" in the IBM Knowledge Center. This reference provides a list of the ISAM error messages by decimal or hexadecimal codes.
Examples
- The following example displays the /object-test object and lists all attached and effective ACLs, POPs, authzrules, and extended attributes:
pdadmin sec_master> object show /object-testDisplays information like:Name: /object-test Description: Test object Type: 12 (Leaf Object) Is Policy Attachable : Yes Extended Attributes: Name:test1 Value(s): 1111 Name:test2 Value(s): abc 2222 second Attached ACL: Attached POP: Attached AuthzRule: Effective Extended Attributes: Protected Object Location: /object-test Name:test1 Value(s): 1111 Name:test2 Value(s): abc 2222 second Effective ACL: default-root Effective POP: Effective AuthzRule:
The following example displays the /object-test/child1 object and lists all attached and effective ACLs, POPs, AuthzRules, and extended attributes: pdadmin sec_master> object show /object-test/child1Displays information like:Name: /object-test/child1 Description: Child 1 Type: 12 (Leaf Object) Is Policy Attachable : Yes Extended Attributes: Attached ACL: Attached POP: Attached AuthzRule: Effective Extended Attributes: Protected Object Location: /object-test Name:test1 Value(s): 1111 Name:test2 Value(s): abc 2222 second Effective ACL: default-root Effective POP: Effective AuthzRule:
The following example displays information about the test1 attribute that is listed for object/object-test/child1: pdadmin sec_master> object show /object-test/child1 attribute test1Because the test1 attribute is an extended attribute of the /object-test object, the command returns the following message:Could not perform the administration request
Error: HPDAC0463E There are no extended attributes associated with the specified protected object or authorization policy object. (status 0x1005b1cf) To view the information about the test1 attribute of the /object-test object:pdadmin sec_master> object show /object-test attribute test1Displays information like:test1 1111
The following example displays the /Management/test-object object, which lists any attached (myrule) and effective (myacl and mypop) policies: pdadmin sec_master> object show /Management/test-objectDisplays information like:Name: /Management/test-object/ Description : Test object Type: 14 (Application Container Object) Is Policy Attachable: Yes Extended Attributes: Attached ACL: myacl Attached POP: mypop Attached AuthzRule: myrule Effective Extended Attributes: Effective ACL: myacl Effective POP: mypop Effective AuthzRule: myrule
Create a protected object and then performs an object show of that protected object. An object show is then performed for an object that has not been created. Then the object exists command is issued for both of these objects. pdadmin sec_master> object create /Management/new_object1" "0ispoly pdadmin sec_master> object show /Management/new_object1 Name: /Management/new_object1 Description: Type: 0 (Unknown) Is Policy Attachable: Yes Extended Attributes: Attached ACL: Attached POP: Attached AuthzRule: Effective Extended Attributes: Effective ACL: default-management Effective POP: Effective AuthzRule: pdadmin sec_master> object show /Management/not_there_object Name: /Management/not_there_object Description: Type: 0 (Unknown) Is Policy Attachable: Yes Extended Attributes: Attached ACL: Attached POP: Attached AuthzRule: Effective Extended Attributes: Effective ACL: default-management Effective POP: Effective AuthzRule: pdadmin sec_master> object exists /Management/new_object1 Exists: Yes pdadmin sec_master> object exists /Management/not_there_object Exists: No
See also
object list
object list
object listandshowParent topic: pdadmin commands