In some environments, it is desirable to keep the application
programmers from changing anything in the production libraries.
However, these same programmers may have a valid need to be able to
display anything, copy data or create duplicate objects from the
production library.
The Access Secure Library command (ACCSECLIB) is designed to allow
this to occur. A typical command to display job description JOBD4
would be entered as:
ACCSECLIB LIB(PRODUCTION) CMD(DSPJOBD) OBJ(JOBD4)
The user would see the prompt for the DSPJOBD command and the JOBD
parameter would be protected (it cannot be changed).
ACCSECLIB is created by QSECOFR and operates under his authority.
Before the command can be used, QSECOFR must modify the data area
ACCSECLIB in TAASECURE to describe the valid libraries. The
EDTCONARR command (part of the CONARR Tool) must be used:
EDTCONARR DTAARA(TAASECURE/ACCSECLIB)
The ACCSECLIB and CPP are controlled by the TAAACCSECL authorization
list. A user must have *USE authority to this list to use the
ACCSECLIB command. See the implementation instructions.
Some commands support an outfile. To use this function, the user
must specify the OUTFILE parameter such as:
ACCSECLIB LIB(PRODUCTION) CMD(DSPFD) OBJ(*ALL) OUTFILE(xxx)
The DSPFD prompt will appear with the OUTPUT and OUTFILE parameters
protected. The library for the outfile will always be the current
library which must exist to use the outfile function.
For CPYF and CRTDUPOBJ, the TO library is always the current library
(a current library must exist).
For Copy file, a typical command to copy FILEX to the users current
library would be:
ACCSECLIB LIB(PRODUCTION) CMD(CPYF) OBJ(FILEX)
The user would see the prompt for the CPYF command with the FROMFILE
and TOFILE parameters protected. Other parameters (e.g. CRTFILE)
could be entered.
For CRTDUPOBJ, a typical command to duplicate FILEX to the users
current library would be:
ACCSECLIB LIB(PRODUCTION) CMD(CRTDUPOBJ) OBJ(FILEX)
The user would see the prompt for the CRTDUPOBJ command with the OBJ,
FROMLIB and TOLIB parameters protected. Other parameters (e.g.
DATA) could be entered.
The command assumes that the normal DSP commands will be used. The
list can be tailored. In addition, if you have user written DSP
commands, they can also be added to the program.
Command parameters *CMD
------------------
LIB The library to be accessed. The valid names must be
entered into the program before it can be used.
CMD The command to be executed.
OBJ The object to be used in the command. If CPYF is
specified, this is the name of the FROMFILE. Some
commands support a generic name or *ALL. These
entries may be made if the command supports them.
TOFILE The TOFILE to be used if CPYF is specified for the
command. The default is *FROMFILE.
OUTFILE The default is *NONE. An outfile name may be
entered if supported by the DSP command specified
(e.g. DSPFD).
Prerequisites
-------------
The following TAA Tools must be on your system:
CONARR Constant array
Implementation
--------------
Before the tool can be used in production, you must do the following
as a user with *ALLOBJ authority.
** Specify the valid libraries with the EDTCONARR command:
EDTCONARR DTAARA(TAASECURE/ACCSECLIB)
When the edit display appears, you should add your own libraries.
** The command and CPP are authorized to the TAAACCSECL
authorization list. A user must have *USE authority to the
list to use ACCSECLIB. You may use EDTAUTL for an edit
display or add the user with:
ADDAUTLE AUTL(TAAACCSECL) USER(xxx) AUT(*USE)
If you want to alter the list of the valid DSP commands that can be
used, see the discussion of how to modify any tool with the
CRTTAASRCF tool.
Testing
-------
As a suggestion for testing, a user with *ALLOBJ authority can place
the library name QGPL into the data area. This will allow other
users to try the ACCSECLIB using a library that is normally available
to the *PUBLIC.
Objects used by the tool
------------------------
Object Type Attribute Src member Src file
------ ----- --------- ---------- -----------
ACCSECLIB *CMD TAASECB QATTCMD
TAASECBC *PGM CLP TAASECBC QATTCL
|
