check Command Determine a User's Access Authority

Valid in the AC environment
capamsc141
Valid in the AC environment
Use the check command to determine if a user has access privileges to a particular resource. The command checks access according to the resource's ACL and default access property. However, it does not support PACLs; that is, it does not indicate whether the user can access a resource using a specific program.
This command is not available when seos is down. For more information about PACLs, see the
Endpoint Administration Guide
for your OS.
To use this command you must have sufficient authority over the resource, as defined by any of the following conditions:
  • The process running the command has the SERVER attribute.
  • You have the ADMIN attribute.
This command has the following format:
check className resourceName uid(userName) access(authority)
  • access(
    authority
    )
    Defines the access authority to be checked for the accessor identified by the uid parameter.
    Valid values depend on the resource being checked.
  • className
    Defines the name of the class to which
    resourceName
    belongs.
  • resourceName
    Defines the name of the resource record.
  • uid(
    userName
    )
    Defines the name of the 
    PAM Server Control
    user whose authority to access
    resourceName
    isto be verified.
Example: Determine whether a user has access to a resource
To determine whether user Alain has write access to the resource
testfile
of class
file
, enter the following command:
check FILE /testfile uid(Alain) access(w)
The following sample output of this command indicates that user Alain has write access to the defined file because Alain is the resource's owner:
Access to FILE /testfile GRANTED Stage: Resource OWNER check