ADPMBR Adopt Member

ADPMBR ADOPT MEMBER TAAMBRJ
The Adopt Member tool provides a solution for allowing end users (when using programs) to perform the typical member functions (add, remove, and clear) on files regardless of how the files are authorized. Three commands are provided: ADDPFMADP - Same as ADDPFM CLRPFMADP - Same as CLRPFM RMVMADP - Same as RMVM The commands all adopt an owner who has *ALLOBJ special authority. Each of the commands checks the specified file to ensure that it exists in the ADPMBR data area in TAASECURE. If the file is defined, the function is performed. If the file does is not defined, an escape message is issued. The Security Officer defines which files are valid by using the EDTCONARR TAA Tool command on the ADPMBR data area in TAASECURE. Normal security of files ------------------------ When a file is created, the default action allows a user to add, delete, or change records in an existing member. However, the default security does not allow a typical end user to add, clear, or remove a member. Any of these functions requires the *OBJMGT right. If the application requires the user to add, clear, or remove a member, there are several solutions: ** Give the *OBJMGT right for each file required to all users of the application ** Use a program that adopts authority ** Grant *ALLOBJ authority to the users None of these solutions is ideal. The ADPMBR tool provides an alternative solution which provides several advantages. ADPMBR Advantages ----------------- ** The file authorization does not need to change from the default used on the Create command. This prevents any user from specifying one of the 3 system member commands (ADDPFM, CLRPFM, RMVM) unless he is the owner or has *ALLOBJ authority. ** The 3 commands provided by the tool can only be used in a program (they are arbitrarily restricted so that they cannot be used from a command entry display). This prevents the casual use by an end user (it is possible for an end user to directly call one the CPPs provided if the proper parameter list is passed). ** The Security Officer decides what files are valid to be used by the 3 commands provided by the tool. The naming of a file can be done at any time (the file does not have to be closed to make an authorization change). ** The tool provides commands that are similar to the 3 system commands (all the same parameters and options exist). Security Officer actions ------------------------ The data area ADPMBR exists in TAASECURE and is shipped with a sample entry. The Security Officer enters the file names (and qualified library) that are valid to be used by the 3 commands provided by the ADPMBR tool. The ADPMBR data area is maintained with the EDTCONARR TAA command (part of the CONARR TAA Tool): EDTCONARR DTAARA(TAASECURE/ADPMBR) When the edit display appears, a 20 character value should be entered with the file name in the first 10 bytes and the library in the second 10 bytes. Up to 45 files may be entered. It is possible to use the special values *LIBL or *CURLIB as the library qualifier. In fact, either function may be helpful to allow the same file to exist in different libraries and be controlled by the users library list. All 3 of the commands provided by the tool default the library qualifier to *LIBL. Thus if ADDPFMADP is specified as: ADDPFMADP FILE(FILEX) MBR(MBR1) ADDPFMADP will search the ADPMBR data area for the file named: 'FILEX *LIBL ' If the file is not defined in the data area, an escape message is sent. It is possible to enter the same file name using both a qualified name and the special values. Thus the ADPMBR data area might contain values such as: 'FILEX *LIBL ' 'FILEX *CURLIB ' 'FILEX LIB1 ' 'FILEY LIB2 ' The only significant requirement is that the entry in the data area must match exactly what is specified on the commands provided by the tool. Note that you must provide a library value in the ADPMBR data area (a blank value will not allow any of the 3 tool commands to operate properly). When the Security Officer has defined a file, he can then inform the programmers that they may use the 3 tool commands in their application programs for that file. Example ------- Assume the application needs to allow end users to add, remove, or clear a member during a program. The file is created with the normal security defaults (meaning the *OBJMGT right is restricted to the owner or a user with *ALLOBJ authority). The Security Officer uses EDTCONARR as described previously to enter the file name into the ADPMBR data area in TAASECURE. The value appears as: 'WRKFILE *LIBL ' The programmers may now use any of the 3 tool commands in their programs: ADDPFMADP FILE(WRKFILE) MBR(MBRX) . . CLRPFMADP FILE(WRKFILE) MBR(MBRX) . . RMVMADP FILE(WRKFILE) MBR(MBRX) Escape messages you may monitor for ----------------------------------- The following special TAA messages are provided: TAA9896 The file name does not exist in the ADPMBR data area TAA9893 The file name exists in the ADPMBR data area, but the actual file cannot be found. An internal CHKOBJ command is used to determine if the file exists. TAA9897 Used by ADDPFMADP when the member already exists in the file. TAA9895 Used by CLRPFMADP and RMVMADP when the member does not exist in the file. System escape messages may also occur such as if the member is allocated and cannot be cleared. These are the normal escape messages sent by the system commands that will be resent to your program. ADDPFMADP Command parameters *CMD ---------------------------- FILE The qualified file name. The library value defaults to *LIBL. *CURLIB may also be specified. MBR The member to be added. TEXT The member text to be used. The default is *BLANK. EXPDATE The member expiration date. The default is *NONE. SHARE Whether the open data path is to be opened shared. This is a *YES/*NO value that defaults to *NO. SRCTYPE The source type if a source file is used. The default is *NONE. CLRPFMADP Command parameters *CMD ---------------------------- FILE The qualified file name. The library value defaults to *LIBL. *CURLIB may also be specified. MBR The member to be cleared. The default is *FIRST. The special value *LAST may also be used. RMVMADP Command parameters *CMD -------------------------- FILE The qualified file name. The library value defaults to *LIBL. *CURLIB may also be specified. MBR The member to be removed. A generic name or the special value *ALL may also be entered. Restrictions ------------ The CONARR tool allows up to 45 files to be described. Prerequisites ------------- The following TAA Tools must be on your system: CONARR Constant array Implementation -------------- The tool is ready to use, but the Security Officer must first make entries into the ADPMBR data area in TAASECURE using EDTCONARR to define the valid files (see previous discussion). Objects used by the tool ------------------------ Object Type Attribute Src member Src file ------ ---- --------- ---------- ---------- ADDPFMADP *CMD TAAMBRJ QATTCMD CLRPFMADP *CMD TAAMBRJ2 QATTCMD RMVMADP *CMD TAAMBRJ3 QATTCMD TAAMBRJC *PGM CLP TAAMBRJC QATTCL TAAMBRJC2 *PGM CLP TAAMBRJC2 QATTCL TAAMBRJC3 *PGM CLP TAAMBRJC3 QATTCL Structure --------- ADDPFMADP Cmd TAAMBRJC CL pgm CLRPFMADP Cmd TAAMBRJC2 CL pgm RMVMADP Cmd TAAMBRJC3 CL pgm


ADPMBR ADOPT MEMBER TAAMBRJ
The Adopt Member tool provides a solution for allowing end users (when using programs) to perform the typical member functions (add, remove, and clear) on files regardless of how the files are authorized. Three commands are provided: ADDPFMADP - Same as ADDPFM CLRPFMADP - Same as CLRPFM RMVMADP - Same as RMVM The commands all adopt an owner who has ALLOBJ special authority. Each of the commands checks the specified file to ensure that it exists in the ADPMBR data area in TAASECURE. If the file is defined, the function is performed. If the file does is not defined, an escape message is issued. The Security Officer defines which files are valid by using the EDTCONARR TAA Tool command on the ADPMBR data area in TAASECURE. Normal security of files ------------------------ When a file is created, the default action allows a user to add, delete, or change records in an existing member. However, the default security does not allow a typical end user to add, clear, or remove a member. Any of these functions requires the OBJMGT right. If the application requires the user to add, clear, or remove a member, there are several solutions: ** Give the OBJMGT right for each file required to all users of the application * Use a program that adopts authority ** Grant ALLOBJ authority to the users None of these solutions is ideal. The ADPMBR tool provides an alternative solution which provides several advantages. ADPMBR Advantages ----------------- * The file authorization does not need to change from the default used on the Create command. This prevents any user from specifying one of the 3 system member commands (ADDPFM, CLRPFM, RMVM) unless he is the owner or has ALLOBJ authority. * The 3 commands provided by the tool can only be used in a program (they are arbitrarily restricted so that they cannot be used from a command entry display). This prevents the casual use by an end user (it is possible for an end user to directly call one the CPPs provided if the proper parameter list is passed). The Security Officer decides what files are valid to be used by the 3 commands provided by the tool. The naming of a file can be done at any time (the file does not have to be closed to make an authorization change). The tool provides commands that are similar to the 3 system commands (all the same parameters and options exist). Security Officer actions ------------------------ The data area ADPMBR exists in TAASECURE and is shipped with a sample entry. The Security Officer enters the file names (and qualified library) that are valid to be used by the 3 commands provided by the ADPMBR tool. The ADPMBR data area is maintained with the EDTCONARR TAA command (part of the CONARR TAA Tool): EDTCONARR DTAARA(TAASECURE/ADPMBR) When the edit display appears, a 20 character value should be entered with the file name in the first 10 bytes and the library in the second 10 bytes. Up to 45 files may be entered. It is possible to use the special values LIBL or CURLIB as the library qualifier. In fact, either function may be helpful to allow the same file to exist in different libraries and be controlled by the users library list. All 3 of the commands provided by the tool default the library qualifier to LIBL. Thus if ADDPFMADP is specified as: ADDPFMADP FILE(FILEX) MBR(MBR1) ADDPFMADP will search the ADPMBR data area for the file named: 'FILEX LIBL ' If the file is not defined in the data area, an escape message is sent. It is possible to enter the same file name using both a qualified name and the special values. Thus the ADPMBR data area might contain values such as: 'FILEX LIBL ' 'FILEX CURLIB ' 'FILEX LIB1 ' 'FILEY LIB2 ' The only significant requirement is that the entry in the data area must match exactly what is specified on the commands provided by the tool. Note that you must provide a library value in the ADPMBR data area (a blank value will not allow any of the 3 tool commands to operate properly). When the Security Officer has defined a file, he can then inform the programmers that they may use the 3 tool commands in their application programs for that file. Example ------- Assume the application needs to allow end users to add, remove, or clear a member during a program. The file is created with the normal security defaults (meaning the OBJMGT right is restricted to the owner or a user with ALLOBJ authority). The Security Officer uses EDTCONARR as described previously to enter the file name into the ADPMBR data area in TAASECURE. The value appears as: 'WRKFILE LIBL ' The programmers may now use any of the 3 tool commands in their programs: ADDPFMADP FILE(WRKFILE) MBR(MBRX) . . CLRPFMADP FILE(WRKFILE) MBR(MBRX) . . RMVMADP FILE(WRKFILE) MBR(MBRX) Escape messages you may monitor for ----------------------------------- The following special TAA messages are provided: TAA9896 The file name does not exist in the ADPMBR data area TAA9893 The file name exists in the ADPMBR data area, but the actual file cannot be found. An internal CHKOBJ command is used to determine if the file exists. TAA9897 Used by ADDPFMADP when the member already exists in the file. TAA9895 Used by CLRPFMADP and RMVMADP when the member does not exist in the file. System escape messages may also occur such as if the member is allocated and cannot be cleared. These are the normal escape messages sent by the system commands that will be resent to your program. ADDPFMADP Command parameters CMD ---------------------------- FILE The qualified file name. The library value defaults to LIBL. CURLIB may also be specified. MBR The member to be added. TEXT The member text to be used. The default is BLANK. EXPDATE The member expiration date. The default is NONE. SHARE Whether the open data path is to be opened shared. This is a YES/NO value that defaults to NO. SRCTYPE The source type if a source file is used. The default is NONE. CLRPFMADP Command parameters CMD ---------------------------- FILE The qualified file name. The library value defaults to LIBL. CURLIB may also be specified. MBR The member to be cleared. The default is FIRST. The special value LAST may also be used. RMVMADP Command parameters CMD -------------------------- FILE The qualified file name. The library value defaults to LIBL. CURLIB may also be specified. MBR The member to be removed. A generic name or the special value ALL may also be entered. Restrictions ------------ The CONARR tool allows up to 45 files to be described. Prerequisites ------------- The following TAA Tools must be on your system: CONARR Constant array Implementation -------------- The tool is ready to use, but the Security Officer must first make entries into the ADPMBR data area in TAASECURE using EDTCONARR to define the valid files (see previous discussion). Objects used by the tool ------------------------ Object Type Attribute Src member Src file ------ ---- --------- ---------- ---------- ADDPFMADP CMD TAAMBRJ QATTCMD CLRPFMADP CMD TAAMBRJ2 QATTCMD RMVMADP CMD TAAMBRJ3 QATTCMD TAAMBRJC PGM CLP TAAMBRJC QATTCL TAAMBRJC2 PGM CLP TAAMBRJC2 QATTCL TAAMBRJC3 *PGM CLP TAAMBRJC3 QATTCL Structure --------- ADDPFMADP Cmd TAAMBRJC CL pgm CLRPFMADP Cmd TAAMBRJC2 CL pgm RMVMADP Cmd TAAMBRJC3 CL pgm

Added to TAA Productivity Tools May 1, 1996

Home Page

Last modified on January 12, 2010