|
  
QUERY
.
QUERY or
CAN
--------
|
-
Requestor Action Object [ ( MIXED ACIGROUP MSG --]
-----------------------------------------[ NOMSG ]
---------------------------------------------------------
Requestor - {[USER] ReqUser, ACIGROUP ReqGroup}
Action ---- {READ, WRITE, MANAGE, CO-OWNER}
Object ---- {[fn ft]fp:fs.[dir1[.dir2[...dir8]]][.]}
------------{fn ft}
--
|
Purpose
Use the QUERY command to determine if Requestor can Action Object. Also use the QUERY command to determine what Action(s) to Object, Requestor can take.
Authorization
MANAGE authorization over Object or SAFADMIN authorization.
Parameters
Requestor:
|
|
Specifies the requesting userid. The keyword USER is optional and may be omitted.
|
|
|
|
|
|
Specifies the name of an acigroup that requesting users are members of.
|
Action:
|
|
Queries "READ" access to Object.
|
|
|
|
|
|
Queries "WRITE" access to Object.
|
|
|
|
|
|
Queries "CO-OWNER" access to Object.
Note: Fp in SFS Object must be *:
|
|
|
|
|
|
Queries the ability to "MANAGE" Object.
|
|
|
|
|
|
Queries what authority Requestor has over Object.
|
Object:
Specifies the object being queried. Object is one of:
SFSObject:
[fn ft] fp:fs.[dir1[.dir2[...dir8]]][.]
|
|
1 to 8 character file name. File type is required if file name is specified.
|
|
|
1 to 8 character file type. File name is required if file type is specified.
|
|
|
1 to 8 character file pool name. The file pool name may be *: for action MANAGE and must be *: for action CO-OWNER.
|
|
|
1 to 8 character file space name.
|
|
|
Each directory specified is a 1 to 16 character directory name.
|
Note: Pattern matching is not allowed with the Query command except for actions CO-OWNER and MANAGE as noted above.
Rule Fileid: Only valid for queries with Action MANAGE
|
|
1 to 8 character file name.
|
|
|
Must be specified as one of: ADMIN, GRPADMIN, USRADMIN, USRDFLT, GRPDFLT, DEFAULT, or MANAGE
|
Options
|
|
|
|
|
Indicates that the filename and filetype specified in the SFS Object contain mixed case characters and should not be upper cased by SafeSFS.
|
|
|
|
|
|
Indicates that the fs specified in SFS object is an acigroup, not a file space, indicating all members of that acigroup. It may also be RuleFn indicating all members of the Acigroup.
|
|
|
|
|
|
Indicates that a message will be displayed explaining the outcome of the QUERY command. MSG is the default if omitted.
|
|
|
|
|
|
Indicates that a message explaining the outcome of the QUERY command will not be displayed.
|
Return Codes and Messages
For QUERY READ|WRITE|CO-OWNER|MANAGE
Return Code
|
MESSAGE
|
0
|
0150I Type requestor is authorized to action object.
|
4
|
0151I No rule found authorizing type requestor to action object.
|
16
|
0152I Type requestor is not authorized to action object.
|
20
|
0153I You are not authorized to issue this query.
|
24
|
0154I Query failed due to an internal error.
|
|
|
|
Return Code
|
MESSAGE
|
1
|
0155I Type requestor has a READ ACCEPT and no write rules for object.
|
3
|
0157I Type requestor has a READ ACCEPT and a WRITE ACCEPT rule for object.
|
4
|
0158I Type requestor has a READ REJECT and no write rules for object.
|
6
|
0159I Type requestor has a READ REJECT and a WRITE ACEEPT rule for object.
|
8
|
0160I Type requestor has no read and a WRITE REJECT rule for object.
|
9
|
0161I Type requestor has a READ ACCEPT and a WRITE REJECT rule for object.
|
12
|
0162I Type requestor has a READ REJECT and a WRITE REJECT rule for object.
|
16
|
0163I Type requestor has no rules which apply for object.
|
20
|
0153I You are not authorized to issue this query.
|
24
|
0154I Query failed due to an internal error.
|
Usage Notes
- In General, pattern matching is not allowed on Query commands. The exception is allowed for MANAGE and CO-OWNER queries. CO-OWNER rules and MANAGE rules apply to all file pools, so a filepool of * must be specified for CO-OWNER, and is assumed regardless of specification for MANAGE with an SFS type object.
- The rule file type of object is only allowed for MANAGE queries.
- If the SFS type of object is used with MANAGE, the query will determine if the requestor may MANAGE any of the rule files that may affect the SFS object specified.
- The object for READ WRITE, and ? queries must be an SFS type object, and must be a specific object. Pattern matching is not allowed.
- If file pool name is omitted and there is no active file pool, the QUERY will fail and an error message will be displayed.
Examples
- SAFESFS QUERY MARY READ TFP:BILL.
This command asks if MARY is allowed to read the BILL file space in the TFP file pool. SafeSFS supplies the answer in the form of a return code. See QUERY return codes, earlier in this chapter.
- SAFESFS QUERY ACIGROUP SYSTEMS WRITE TFP:MAINT.
This command asks if members of ACIGROUP SYSTEMS are allowed to write to the MAINT file space in the TFP file pool.
- SAFESFS QUERY JOHN MANAGE *:BILL.
This command asks if JOHN is allowed to MANAGE a rule file that affects the BILL file space.
- SAFESFS QUERY MARY ? TFP:BILL.
This command asks what actions MARY is allowed for the BILL file space in the TFP file pool.
- SAFESFS QUERY SUE CO-OWNER *:JOHN.
This command asks if SUE is a CO-OWNER of file space JOHN in all file pools.
|
