TAA Tools
CHKPUBAUTL      CHECK PUBLIC AUTHORITY TO AUTL         TAASEDZ

The Check  Public  Authority to  Authorization List  command checks  an
authorization list  to ensure: 1)  the *PUBLIC user is  *EXCLUDE and 2)
the   *PUBLIC   authorization  to   each   object  controlled   by  the
authorization list  matches  a command  option  (the default  is  *AUTL
meaning the *PUBLIC  user is controlled by the  authorization list).  A
spooled  file is  created with  the authorization list,  the controlled
objects and any exceptions.

The intent  of the command  is to  allow you  to check  for a  security
approach  that  uses  an  authorization list  to  control  objects  and
prevents  public access to the  objects.  You would  grant authority to
the authorization list for specific  users.  The listing describes  any
conditions  where  the  public  would  be  able  to  access  an  object
controlled by the list.

A  single  authorization list  may  be specified,  a  generic name,  or
*ALL.

You must have *ALLOBJ authority to use CHKPUBAUTL.

A typical command would be:

             CHKPUBAUTL   AUTL(xxx)

The  default is  to check the  objects authorized  to the authorization
list  for  the *PUBLIC  user  as  *AUTL  meaning  the  public  accesses
according to the authorization lists *PUBLIC authority.

A  spooled file  would be  created that  lists each  authorization list
and  the  controlled  objects.    Any  exceptions  are  noted in  print
positions 110 -  130.   A count of  the exceptions is  included in  the
completion message for the command.

Command parameters                                    *CMD
------------------

   AUTL          The name of  the Authorization List to be  checked.  A
                 generic name may be entered or *ALL.

   PUBOBJAUT     The  public  object  authority  to  check  for.    The
                 default is  *AUTL  meaning  the  public  user  of  the
                 object is controlled by the authorization list.

                 *EXCLUDE,  *CHANGE, or  *USE  may be  specified  which
                 have   the    same   meaning   as    on   any   object
                 authorization.

   TAASECOFR2    Whether   to  bypass  the   check  of  the  TAASECOFR2
                 authorization  list.    The  default  is   *YES  which
                 agrees  with the  way the  TAA Productivity  Tools are
                 shipped.

                 The  TAASECOFR2  authorization  list  is shipped  with
                 *PUBLIC having *CHANGE  authority.  The  authorization
                 list  is used  to  control the  use  of  the menu  for
                 devices  that are  in an  open  area.   *CHANGE allows
                 any  user  to  access   the  menu.    *USE   authority
                 requires  a  user  to  confirm   his  password  before
                 accessing the menu.

                 *NO  may be  specified to  cause  the normal  check of
                 the TAASECOFR2 authorization list.

Restrictions
------------

You must have *ALLOBJ authority to use CHKPUBAUTL.

Prerequisites
-------------

The following TAA Tools must be on your system:

     BLDPRTLIN       Build print line
     CHKALLOBJ       Check all object
     CHKGENERC       Check generic
     EDTVAR          Edit variable
     PRINT           Print
     RTVOBJAUT       Retrieve object authority
     SNDCOMPMSG      Send completion message
     SNDSTSMSG       Send status message

Implementation
--------------

None, the tool is ready to use.

Objects used by the tool
------------------------

   Object        Type    Attribute      Src member    Src file
   ------        ----    ---------      ----------    ----------

   CHKPUBAUTL    *CMD                   TAASEDZ       QATTCMD
   TAASEDZC      *PGM       CLP         TAASEDZC      QATTCL
   TAASEDZC2     *PGM       CLP         TAASEDZC2     QATTCL
   TAASEDZC3     *PGM       CLP         TAASEDZC3     QATTCL
					

Added to TAA Productivity tools May 1, 1998


Home Page Up to Top