Security APIs

The OS/400 security APIs allow you to:

Perform many of the security functions through a program interface. You can use APIs instead of CL commands.
Combine many individual jobs into a single server or overhead job without compromising system security.

These APIs can be used to consolidate server jobs to reduce processing time and storage use because the system performs job management tasks for only one job. It also speeds response time for system users.

The security APIs and their functions follow:

Change Dedicated Service Tools Profiles (QSYCHGDS) changes the user IDs or the passwords (or both) for the three Dedicated Service Tools (DST) profiles.
Change Previous Sign-On Date (QSYCHGPR) changes the previous sign-on date and time to the current date and time for the current user of the job.
Change User Password (QSYCHGPW) changes a user's password.
Change User Profile UID or GID (QSYCHGID) changes the user ID (UID) or group ID (GID) value for a user profile object.
Check User Authority to an Object (QSYCUSRA) returns an indication about a user's specified authority to an object.
Check User Special Authorities (QSYCUSRS) returns an indication of a user's special authorities.
Convert Authority Values to MI Value (QSYCVTA) converts authority values to the machine interface (MI) representation of the value.
Generate Profile Token (QSYGENPT, QsyGenPrfTkn) verifies that the caller has authority to generate a profile token for the requested profile and then generates a profile token.
Generate Profile Token From Profile Token (QSYGENFT, QsyGenPrfTknFromPrfTkn) generates a profile token using an existing profile token.
Get Profile Handle (QSYGETPH) validates a user ID and password, and creates an encrypted abbreviation called a profile handle for that user profile.
Get Profile Token Time Out (QSYGETPT, QsyGetPrfTknTimeOut) gets the number of seconds until a profile token is not valid.
Invalidate Profile Token (QSYINVPT, QsyInvalidatePrfTkn) invalidates a profile token.
List Authorized Users (QSYLAUTU) puts a list of authorized users of the system in a user space.
List Objects Secured by Authorization List QSYLATLO) puts a list of objects secured by an authorization list in a user space.
List Objects That Adopt Owner Authority (QSYLOBJP) puts a list of objects that adopt an owner's authority in a user space.
List Objects User Is Authorized to, Owns, or Is Primary Group of (QSYLOBJA) puts a list of objects that a user is authorized to, owns, or is the primary group owner for into a user space.
List Users Authorized to Object (QSYLUSRA) puts a list of users privately authorized to an object in a user space.
Open List of Authorized Users (QGYOLAUS) provides information about the authorized users of the system.
QwtClearJuid()--Clear Job User Identity clears any job user identity that was previously set by the QwtSetJuid() function or by the Set Job User Identity (QWTSJUID) API.
QwtSetJuid()--Set Job User Identity sets the job user identity of the current job to the name of the current user profile of the job.
Release Profile Handle (QSYRLSPH) deletes a profile handle.
Remove All Profile Tokens (QsyRemoveAllPrfTkns) provides an interface to remove all profiles on the system.
Remove All Profile Tokens For User (QsyRemoveAllPrfTknsForUser) provides an interface to remove all profile tokens that have been generated for a specific user profile.
Remove Profile Token (QSyRemovePrfTkn) removes the specified profile token.
Remove Profile Tokens (QSYRMVPT) provides an interface to remove all profile tokens that have been generated for user profiles on the system, or to remove all profile tokens that have been generated for a specific user profile.
Reset Profile Attributes (QSYRESPA) resets four attributes of system-supplied user profiles.
Retrieve Authorized Users (QSYRAUTU) returns a list of authorized user names on the system and information about those users.
Retrieve Encrypted User Password (QSYRUPWD) returns to the caller the encrypted password for the specified user profile.
Retrieve Objects Secured by Authorization List (QGYRATLO) provides a list of objects that are secured by an authorization list.
Retrieve User Authority to Object (QSYRUSRA) returns the user's authority to an object.
Retrieve User Information (QSYRUSRI) returns the information about a user.
Retrieve Users Authorized to an Object (QSYRTVUA) provides information about the users who are authorized to an object.
Set Encrypted User Password (QSYSUPWD) sets the encrypted password for the specified user profile by using the receiver variable that was retrieved by the Retrieve Encrypted User Password (QSYRUPWD) API.
Set Job User Identity (QWTSJUID) performs two operations that can be used to explicitly set the job user identity of the current job.
Set Profile (QWTSETP) switches the job to run under a new profile.
Set To Profile Token (QSYSETPT, QsySetToPrfTkn) validates the profile token and changes the current thread to run under the user and group profiles represented by the profile token.

For general information about OS/400 system security, see the Security - Basic book Link outside Information Center .

Top | Security Exit Programs | Digital Certificate Mgmt APIs
Network Security APIs | User Function Registration APIs
Validation List APIs | APIs by category

[Information Center Home Page | Feedback ]

[Legal | AS/400 Glossary]