check Command Determine a User's Access Authority
Valid in the AC environment
capamsc141
Valid in the AC environment
Use the check command to determine if a user has access privileges to a particular resource. The command checks access according to the resource's ACL and default access property. However, it does not support PACLs; that is, it does not indicate whether the user can access a resource using a specific program.
This command is not available when seos is down. For more information about PACLs, see the
Endpoint Administration Guide
for your OS.To use this command you must have sufficient authority over the resource, as defined by any of the following conditions:
- The process running the command has the SERVER attribute.
- You have the ADMIN attribute.
This command has the following format:
check className resourceName uid(userName) access(authority)
- access(authority)Defines the access authority to be checked for the accessor identified by the uid parameter.Valid values depend on the resource being checked.
- classNameDefines the name of the class to whichresourceNamebelongs.
- resourceNameDefines the name of the resource record.
- uid(userName)Defines the name of thePrivileged Access Manageruser whose authority to accessresourceNameisto be verified.
Example: Determine whether a user has access to a resource
To determine whether user Alain has write access to the resource
testfile
of class file
, enter the following command:check FILE /testfile uid(Alain) access(w)
The following sample output of this command indicates that user Alain has write access to the defined file because Alain is the resource's owner:
Access to FILE /testfile GRANTED Stage: Resource OWNER check