Ever wanted to use the group profiles that exist on your IBM i to control your PHP applications? Maybe only people in a certain group should see a page. The SQL script below gets the group profiles the current user belongs to. (Note: USER is an SQL reserved word that returns the current user profile running the SQL.)

SQL Code

[code language="sql"]
-- Group profile info of the current user
SELECT GROUP_PROFILE_NAME, USER_TEXT
FROM QSYS2.GROUP_PROFILE_ENTRIES
WHERE USER_PROFILE_NAME = USER;

-- Query to view all your users' group profiles, ordered by user and group
-- ("GROUP" is delimited because GROUP is an SQL reserved word)
SELECT USER_PROFILE_NAME AS USERNAME, GROUP_PROFILE_NAME AS "GROUP", USER_TEXT AS DESCRIPTION
FROM QSYS2.GROUP_PROFILE_ENTRIES
ORDER BY USER_PROFILE_NAME, GROUP_PROFILE_NAME;
[/code]

The PHP code below connects as the current user and checks to see if they are in the ADMIN group. We use $hasAccess to determine if the user has access.

PHP Code

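[code language="php"]
// Fail closed: access is denied unless the ADMIN group is found.
$hasAccess = false;

// Empty database, user and password: connect as the current user.
$db2Connection = db2_connect('', '', '', array());
if (!$db2Connection) { echo 'false - Connection failed'; exit(); }

$sql = 'SELECT GROUP_PROFILE_NAME, USER_TEXT
FROM QSYS2.GROUP_PROFILE_ENTRIES
WHERE USER_PROFILE_NAME = USER';
$stmt = db2_exec($db2Connection, $sql);
if (!$stmt) { echo 'false - Query failed'; exit(); }

// One row is returned per group profile the user belongs to.
while ($row = db2_fetch_assoc($stmt))
{
    if ($row['GROUP_PROFILE_NAME'] == 'ADMIN')
    {
        $hasAccess = true;
    }
}
[/code]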

UPDATE:

GROUP_PROFILE_ENTRIES is a view over:

QSYS2.Authids – an alias to AUTHORIZATIONs which calls OBJECT_STATISTICS twice for user profile data.
QSYS2.GROUP_USERS – a function that calls QSYS/QSQGRPPRF

and I think this will fill up your QAUDJRN with authorization failures in a secure environment, so QSYS2.USER_INFO might be a better choice: parse out the group profiles from the SUPPLEMENTAL_GROUP_LIST and GROUP_PROFILE_NAME fields.
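
The QSYS2.USER_INFO approach suggested in the update, sketched as an added PHP example (not code from the original post). The helper names are hypothetical, the sample row is constructed, and the parsing assumes GROUP_PROFILE_NAME holds *NONE when no group is set and SUPPLEMENTAL_GROUP_LIST is NULL or a blank-separated list of profile names.

```php
<?php
// Added example: helper names are hypothetical, the sample row is constructed.

/**
 * Build the list of group profiles from one QSYS2.USER_INFO row.
 * Assumes GROUP_PROFILE_NAME is '*NONE' when no group is set and
 * SUPPLEMENTAL_GROUP_LIST is NULL or a blank-separated list of names.
 */
function groupsFromUserInfoRow(array $row): array
{
    $names = [trim((string) ($row['GROUP_PROFILE_NAME'] ?? ''))];
    $supplemental = trim((string) ($row['SUPPLEMENTAL_GROUP_LIST'] ?? ''));
    if ($supplemental !== '') {
        // Split on runs of blanks so padded fixed-width entries also work.
        $names = array_merge($names, preg_split('/\s+/', $supplemental));
    }
    $names = array_map('strtoupper', $names);
    // Drop empty values and the '*NONE' placeholder.
    return array_values(array_unique(array_filter(
        $names,
        fn ($n) => $n !== '' && $n !== '*NONE'
    )));
}

/** Fetch the current user's groups; returns [] (no access) on any failure. */
function currentUserGroups($db2Connection): array
{
    $sql = 'SELECT GROUP_PROFILE_NAME, SUPPLEMENTAL_GROUP_LIST
            FROM QSYS2.USER_INFO
            WHERE AUTHORIZATION_NAME = USER';
    $stmt = db2_exec($db2Connection, $sql);
    $row = $stmt ? db2_fetch_assoc($stmt) : false;
    return $row ? groupsFromUserInfoRow($row) : [];
}

// Constructed sample row, so the parsing can be checked without a connection.
$sample = [
    'GROUP_PROFILE_NAME'      => 'PAYROLL',
    'SUPPLEMENTAL_GROUP_LIST' => 'ADMIN      QPGMR     ',
];
$groups = groupsFromUserInfoRow($sample);
// Compare whole names: a substring search on the raw list would also
// match a profile such as SYSADMIN.
$hasAccess = in_array('ADMIN', $groups, true);
var_dump($groups, $hasAccess);
```

On the system itself, replace the sample row with `currentUserGroups($db2Connection)`, which leaves `$hasAccess` false if the query fails or returns no row.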