IBM i Global

IBM i 

A space for professionals working with IBM’s integrated OS for Power systems to exchange ideas, ask questions, and share expertise on topics like RPG and COBOL development, application modernization, open source integration, system administration, and business continuity.


#Power


#IBMi
#Power
 View Only
Back to discussions
Expand all | Collapse all

PRTPRVAUT To *OUTFILE

  • 1.  PRTPRVAUT To *OUTFILE

    Posted Wed December 20, 2023 10:13 AM

    I know someone else has solved this.  Our security staff uses the report from PRTPRVAUT as part of their year-end wrap up. There is no option on the command that I have found to have the output to a database.  Sure, I can write a program to parse the report to a data file, but where is the fun in that if this horse has been tamed already.  



    ------------------------------
    David Taylor
    Sr Application Developer
    Range Resources
    Fort Worth TX
    ------------------------------


  • 2.  RE: PRTPRVAUT To *OUTFILE

    Posted Thu December 21, 2023 02:14 AM

    Good morning David,
    From my point of view, the SQL view QSYS2.OBJECT_PRIVILEGS is the solution to the problem:
    SELECT * 
    FROM QSYS2.OBJECT_PRIVILEGES 
    WHERE SYSTEM_OBJECT_SCHEMA = 'QSYS'
    ;
    A good description can be found at: https://www.ibm.com/docs/en/i/7.4?topic=services-object-privileges-view

    Best regards
    Thomas



    ------------------------------
    Thomas Goetze
    ------------------------------

    Original Message


  • 3.  RE: PRTPRVAUT To *OUTFILE

    Posted Thu December 21, 2023 03:24 AM
    Edited by Satid Singkorapoom Thu December 21, 2023 03:30 AM

    Dear David

    Since PRTPVTAUT works with IFS files as well, you may also need to use the table function  QSYS2.IFS_OBJECT_PRIVILEGES:  https://www.ibm.com/docs/en/i/7.4?topic=services-ifs-object-privileges-table-function.   

    These articles are also relevant and useful. The last one uses both table functions. 

    ------------------------------
    Chance favors only the prepared mind.
    -- Louis Pasteur
    ------------------------------
    Satid S.
    ------------------------------

    Original Message


  • 4.  RE: PRTPRVAUT To *OUTFILE

    Posted Thu December 21, 2023 08:32 AM

    Thomas and Satid have pointed out the table functions that you'll want to use.  Once you figure out the SELECT that gives you what you're looking for, you can wrap it up with a "CREATE TABLE MYLIB.PVTAUTFILE AS (SELECT ....) WITH DATA;" and you'll be off to the races!



    ------------------------------
    Steven Riedmueller
    Certified IBM i Admin
    Speaker, Mentor, and Advocate
    ------------------------------

    Original Message


  • 5.  RE: PRTPRVAUT To *OUTFILE

    Posted Thu December 21, 2023 05:42 PM

    Thanks for the input. The more we look at the report, there must be more than just the current state. I am leaning toward using SQL to extract the data from the report to be able to work with the data over time. 



    ------------------------------
    David Taylor
    Sr Application Developer
    Range Resources
    Fort Worth TX
    ------------------------------

    Original Message


  • 6.  RE: PRTPRVAUT To *OUTFILE

    Posted Thu December 21, 2023 07:11 PM

    I wasn't familiar with PRTPVTAUT but I read the help text and it states that it will not only print a report of the current authorities to the object(s), but also it will print another report which lists the authority changes that have been made to that object since the prior run of the report, and a third report listing authorities that were deleted since the last run.

    If it were me, I'd use QSYS2.OBJECT_PRIVILEGES to select the current authorities, wrap it up with an INSERT INTO, and add "current timestamp" as the first field.  That way you could check what the authorities looked like at any particular time that your SQL had taken a "snapshot".  You could compare the last 2 runs, or the current authority against last year, or whatever you wanted.

    Something like the below (btw if this is audit related you could journal changes to the "OBJAUT" file and make sure nobody is messing with it):
    --for the first time, to initially create the table to store your output
    CREATE TABLE DATALIB.OBJAUT AS (
    SELECT CURRENT TIMESTAMP AS OBJAUT_TIMESTAMP, A.*
        FROM QSYS2.OBJECT_PRIVILEGES A
        WHERE SYSTEM_OBJECT_SCHEMA = 'TARGETLIB'
              AND SYSTEM_OBJECT_NAME = 'TARGETOBJ'
              AND OBJECT_TYPE = '*CMD') WITH DATA;

    --for each subsequent run (daily, weekly, whatever)
    INSERT INTO DATALIB.OBJAUT (
    SELECT CURRENT TIMESTAMP AS OBJAUT_TIMESTAMP, A.*
        FROM QSYS2.OBJECT_PRIVILEGES A
        WHERE SYSTEM_OBJECT_SCHEMA = 'TARGETLIB'
              AND SYSTEM_OBJECT_NAME = 'TARGETOBJ'
              AND OBJECT_TYPE = '*CMD');



    ------------------------------
    Steven Riedmueller
    Certified IBM i Admin
    Speaker, Mentor, and Advocate
    ------------------------------

    Original Message


  • 7.  RE: PRTPRVAUT To *OUTFILE

    Posted Fri December 22, 2023 08:08 AM

    Way down in the help on the command are these lines:

    The file QPVXXXXXXX (where 'XXXXXXX' is the object type specified on 
    the command) in library QUSRSYS contains information from the last   
    time the PRTPVTAUT command was run.

    This may be of assistance to you.



    ------------------------------
    Robert Berendt IBMChampion
    ------------------------------

    Original Message


  • 8.  RE: PRTPRVAUT To *OUTFILE

    Posted Fri December 22, 2023 08:02 PM

    And to use QPVXXXXX table from SQL, Scott Forstie provides an example here :  https://gist.github.com/forstie/c828912be5592e3411e2b2260f977090   



    ------------------------------
    Chance favors only the prepared mind.
    -- Louis Pasteur
    ------------------------------
    Satid S.
    ------------------------------

    Original Message


  • 9.  RE: PRTPRVAUT To *OUTFILE

    Posted Tue January 02, 2024 04:17 PM

    This is what I have for now.  Welcome any comments or improvements. 

    https://www.linkedin.com/pulse/parsing-report-file-ibm-i-david-taylor-jme3c



    ------------------------------
    David Taylor
    Sr Application Developer
    Range Resources
    Fort Worth TX
    ------------------------------

    Original Message


Related Content