Previous PageTable Of ContentsNext Page

    QUERY


.

QUERY or

CAN

--------

-

Requestor Action Object [ ( MIXED ACIGROUP MSG --]
-----------------------------------------
[ NOMSG ]

---------------------------------------------------------

      Requestor - {[USER] ReqUser, ACIGROUP ReqGroup}

      Action ---- {READ, WRITE, MANAGE, CO-OWNER}

      Object ---- {[fn ft]fp:fs.[dir1[.dir2[...dir8]]][.]}
      ------------
      {fn ft}

--


Purpose

Use the QUERY command to determine if Requestor can Action Object. Also use the QUERY command to determine what Action(s) to Object, Requestor can take.

Authorization

MANAGE authorization over Object or SAFADMIN authorization.

Parameters

Requestor:

    USER Userid

Specifies the requesting userid. The keyword USER is optional and may be omitted.

   

    ACIGROUP Groupid

Specifies the name of an acigroup that requesting users are members of.


Action:

    READ

Queries "READ" access to Object.

   

    WRITE

Queries "WRITE" access to Object.

   

    CO-OWNER

Queries "CO-OWNER" access to Object.

Note: Fp in SFS Object must be *:

   

    MANAGE

Queries the ability to "MANAGE" Object.

   

    ?

Queries what authority Requestor has over Object.


Object:

Specifies the object being queried. Object is one of:

SFSObject:
[fn ft] fp:fs.[dir1[.dir2[...dir8]]][.]

    fn

1 to 8 character file name. File type is required if file name is specified.

    ft

1 to 8 character file type. File name is required if file type is specified.

    fp

1 to 8 character file pool name. The file pool name may be *: for action MANAGE and must be *: for action CO-OWNER.

    fs

1 to 8 character file space name.

    dir1...dir8

Each directory specified is a 1 to 16 character directory name.


Note: Pattern matching is not allowed with the Query command except for actions CO-OWNER and MANAGE as noted above.

Rule Fileid: Only valid for queries with Action MANAGE

    fn

1 to 8 character file name.

    ft

Must be specified as one of: ADMIN, GRPADMIN, USRADMIN, USRDFLT, GRPDFLT, DEFAULT, or MANAGE


Options

    MIXED

Indicates that the filename and filetype specified in the SFS Object contain mixed case characters and should not be upper cased by SafeSFS.

   

    ACIGROUP

Indicates that the fs specified in SFS object is an acigroup, not a file space, indicating all members of that acigroup. It may also be RuleFn indicating all members of the Acigroup.

   

    MSG

Indicates that a message will be displayed explaining the outcome of the QUERY command. MSG is the default if omitted.

   

    NOMSG

Indicates that a message explaining the outcome of the QUERY command will not be displayed.


Return Codes and Messages


            For QUERY READ|WRITE|CO-OWNER|MANAGE

Return Code

MESSAGE

0

0150I Type requestor is authorized to action object.

4

0151I No rule found authorizing type requestor to action object.

16

0152I Type requestor is not authorized to action object.

20

0153I You are not authorized to issue this query.

24

0154I Query failed due to an internal error.


                  For QUERY ?

Return Code

MESSAGE

1

0155I Type requestor has a READ ACCEPT and no write rules for object.

3

0157I Type requestor has a READ ACCEPT and a WRITE ACCEPT rule for object.

4

0158I Type requestor has a READ REJECT and no write rules for object.

6

0159I Type requestor has a READ REJECT and a WRITE ACEEPT rule for object.

8

0160I Type requestor has no read and a WRITE REJECT rule for object.

9

0161I Type requestor has a READ ACCEPT and a WRITE REJECT rule for object.

12

0162I Type requestor has a READ REJECT and a WRITE REJECT rule for object.

16

0163I Type requestor has no rules which apply for object.

20

0153I You are not authorized to issue this query.

24

0154I Query failed due to an internal error.


Usage Notes

  1. In General, pattern matching is not allowed on Query commands. The exception is allowed for MANAGE and CO-OWNER queries. CO-OWNER rules and MANAGE rules apply to all file pools, so a filepool of * must be specified for CO-OWNER, and is assumed regardless of specification for MANAGE with an SFS type object.


  2. The rule file type of object is only allowed for MANAGE queries.


  3. If the SFS type of object is used with MANAGE, the query will determine if the requestor may MANAGE any of the rule files that may affect the SFS object specified.


  4. The object for READ WRITE, and ? queries must be an SFS type object, and must be a specific object. Pattern matching is not allowed.


  5. If file pool name is omitted and there is no active file pool, the QUERY will fail and an error message will be displayed.



Examples
  1. SAFESFS QUERY MARY READ TFP:BILL.
    This command asks if MARY is allowed to read the BILL file space in the TFP file pool. SafeSFS supplies the answer in the form of a return code. See QUERY return codes, earlier in this chapter.


  2. SAFESFS QUERY ACIGROUP SYSTEMS WRITE TFP:MAINT.
    This command asks if members of ACIGROUP SYSTEMS are allowed to write to the MAINT file space in the TFP file pool.


  3. SAFESFS QUERY JOHN MANAGE *:BILL.
    This command asks if JOHN is allowed to MANAGE a rule file that affects the BILL file space.


  4. SAFESFS QUERY MARY ? TFP:BILL.
    This command asks what actions MARY is allowed for the BILL file space in the TFP file pool.


  5. SAFESFS QUERY SUE CO-OWNER *:JOHN.
    This command asks if SUE is a CO-OWNER of file space JOHN in all file pools.


Previous PageTable Of ContentsNext Page