TAA Tools
PROLIB          PROTECT LIBRARY                        TAALIDL

The Protect  Library tool  helps prevent  specified critical  libraries
from an accidental  use of CLRLIB or DLTLIB.   The tool uses the system
provided  command exit  program technique.   In addition  to CLRLIB and
DLTLIB, the  TAA Tools  CLRLIB2 and DLTLIB2  are also  protected.   Not
even an  *ALLOBJ user will  be able to  accidentally clear or  delete a
protected library.

The  'Command Analyzer Retrieve Exit Program'  function provided by the
system is  designed  to  allow an  exit  program to  occur  before  the
command is executed.   The Protect Library (PROLIB) tool  allows you to
identify the libraries that should be protected.

A  different API that allows  command changes is  the 'Command Analyzer
Change Program'.  This API has  several restrictions such as not  being
used when  a command  is library  qualified.  See  the discussion  with
the  CMDEXIT TAA Tool.   The  'Command Analyzer Retrieve  Exit Program'
function  does not  have the same  restrictions.  The  PROLIB tool will
protect a library regardless of how it is specified such as:

             CLRLIB     LIB(ABC)
             CLRLIB     ABC
        QSYS/CLRLIB     ABC
             CALL       QCMDEXC PARM('CLRLIB ABC' 10)

The protection also  occurs for commands in  CL programs.  Note  that a
RST command is not checked.

PROLIB tool demonstration
-------------------------

You  should perform this  simple demonstration  to get  acquainted with
the  tool and how  it works.   You must have  *ALLOBJ special authority
to run the demonstration.

  **   The PROLIB files must be created with the command:

             CRTPROLIBD

       This  creates  the  files  PROLIBP  and  PROLIBL  in  the   QGPL
       library.    The   files  are  created  to   allow  *PUBLIC  *USE
       authority,  but only  the owner  or an  *ALLOBJ user  can change
       the  data  in  the  file.    Other  users  may  be  specifically
       authorized to *CHANGE authority.

  **   For this  demonstration, create a  new library  (ABC is used  in
       the examples).

             CRTLIB     LIB(ABC) TEST('PROLIB test')

  **   Use WRKPROLIB to access the work display.

             WRKPROLIB

  **   Use  F6 to  add the new  library ABC.   The  default is  for the
       protect  value to be *YES.  A  text discussion may be entered of
       why the protection value is set  one way or the other.   Enter a
       minimal  amount of  text.   Press Enter  to add  the  record and
       then F3 to return to the work display.

  **   The work display describes the library and protection value.

  **   Option  2 will let you change the  protection value and the text
       discussion.   Both  Options 2  and  5 also  provide  information
       about the user who made the last change to the record.

       Option 9  is a  toggle switch  to simplify  making a change  for
       the protection  value for *YES to *NO or *NO  to *YES.  The text
       discussion is not changed.   Give it a  try on the ABC  library.
       Be sure the  value is reset  to *YES before ending  the display.

       Return to a command entry display.

  **   Test the function with the command CHKPROLIB:

             CHKPROLIB  LIB(ABC)

  **   You  should  see  an  escape  message that  describes  that  the
       library is protected.

  **   If  you specify a  library that is not  described to the PROLIBP
       file or  the  protection value  is  *NO, the  command  completes
       normally.  Try it on a library such as QTEMP.

             CHKPROLIB  LIB(QTEMP)

  **   You  should see  the command  complete normally.    A completion
       message  is sent  when using  CHKPROLIB to describe  the results
       if no checking occurred.

  **   Both the  TAA  Tools  CLRLIB2  and  DLTLIB2  use  the  CHKPROLIB
       command internally.  Try CLRLIB2:

             CLRLIB2    LIB(ABC)

       You should see the same failure message as previous.

  **   If  you  do not  want  to  implement  the PROLIB  function,  you
       should  delete the  PROLIB files  and stop  reading.   To delete
       the files, enter:

             DLTPROLIBD

  **   To fully  implement the  PROLIB function,  you need  to  protect
       the system commands  CLRLIB and DLTLIB  with the use of  an exit
       program.   This is done  by using the  system command ADDEXITPGM
       and  identifying  the  TAA  exit  program.    Because  these are
       complex commands  to enter, a  TAA program  exists which can  be
       called  which runs  the  required ADDEXITPGM  commands for  both
       CLRLIB and DLTLIB.  You may either call the program:

             CALL       TAALIDLC12

       or enter the following commands:

             ADDEXITPGM EXITPNT(QIBM_QCA_RTV_COMMAND) +
                          FORMAT(RTVC0100) PGMNBR(50) +
                          PGM(TAATOOL/TAALIDLC11) THDSAFE(*NO) +
                          TEXT('CLRLIB exit') CRTEXITPNT(*YES) +
                          PGMDTA(*JOB 20 'CLRLIB    QSYS      ')

             ADDEXITPGM EXITPNT(QIBM_QCA_RTV_COMMAND) +
                          FORMAT(RTVC0100) PGMNBR(51) +
                          PGM(TAATOOL/TAALIDLC11) THDSAFE(*NO) +
                          TEXT('DLTLIB exit') CRTEXITPNT(*YES) +
                          PGMDTA(*JOB 20 'DLTLIB    QSYS      ')

  **   You can see the exit points by entering:

             WRKREGINF

  **   There should be an entry for:

          QIBM_QCA_RTV_COMMAND

  **   Use  Option 8 (Work with  exit programs) on  that entry and roll
       until you see  exit program numbers  50 and 51.   These are  the
       entries that were added by the program TAALIDLC12.

  **   You can check  the results by trying to clear  and/or delete the
       test library:

             CLRLIB     ABC
             DLTLIB     ABC

  **   Both  commands should fail  with the same  message seen earlier.

  **   Use WRKPROLIB:

             WRKPROLIB

  **   Use Option  9  for  library ABC  which  changes  the  protection
       value to *NO.  Use F3 to end WRKPROLIB.

  **   Now try to delete the library:

             DLTLIB     ABC

  **   Because the library is  no longer protected, the library  can be
       cleared  or  deleted.    If  you  need  to  clear  or  delete  a
       protected library, just change the protected value.

  **   Use WRKPROLIB again:

             WRKPROLIB

       You  should  see the  highlighted text  describing that  the ABC
       library does  not exist.   You can  use Option  4 to delete  the
       record.   No  harm exists  to leave  the record  in the  file in
       case the library is created again.

  **   To  simplify adding libraries to  PROLIBP, the ADDPROLIB command
       may be  used.    It will  add  one  library, a  generic  set  of
       libraries,  or   all  libraries  on   the  system.     The  text
       discussion  value applies to  all libraries added.   Leaving the
       value blank should be considered when adding all libraries.

       For example, you can add the TAA libraries as:

            ADDPROLIB  LIB(TAA*) OPTION(*YES)

  **   All library  records  added will  have  the same  option.    The
       completion  message  describes how  many  library  records  were
       added.   If  a library  already exists  in the  file, it  is not
       changed and the protection value remains the same.

  **   If  you  add all  libraries, you  can  check what  new libraries
       were added by using:

            WRKPROLIB  CHGDAT(*TODAY)

       This provides a  convenient method of  reviewing what was  added
       on  a specific  date.   If  a library  no longer  exists, it  is
       highlighted  in the  Text description  using WRKPROLIB.   If the
       library is created again, the protection will apply.

       WRKPROLIB  also   supports  the   ability  to   select  on   the
       protection value.  *ALL is the default.

  **   If you  add *ALL libraries  or the  generic name Q*,  you should
       change  the QTEMP  library to  specify *NO as  there is  often a
       need to clear  QTEMP.   The QRCL  library (used  by RCLSTG)  may
       need to  be cleared periodically,  but you  may prefer to  leave
       the protection as *YES and make a change when needed.

       The  system prevents  the  use of  CLRLIB against  a  few system
       libraries such as QSYS and QRECOVERY.

       The  internal code for  CLRLIB2 and DLTLIB2  prevents the use of
       these commands on  a library that is  owned by a system  profile
       other than QPGMR.

       With the  exception of  QTEMP, it is  normally best to  have the
       system  libraries protected  unless you  have a  specific reason
       not to.

       Using Option  9 (Change  protection) simplifies  making  several
       changes, but  does not allow the  entry of a text  discussion as
       to why the protection was chosen.

  **   You  could  also  scan your  source  for  CLRLIB  and DLTLIB  to
       determine other libraries  that should  not be  protected.   The
       SCNALLSRC2 command  allows this  to be  done by  library or  for
       all libraries on the system:

             SCNALLSRC2  ARGUMENT((CLRLIB)(DLTLIB))
                           LIB(*ALL) TYPE(*ALL)

       This submits a  batch job to do the scan  of all source files in
       all  libraries.  A spooled file  will exist for each source file
       where an argument  was found.   It is  obviously a long  running
       function,  but  may assist  you  in  determining what  libraries
       should not be protected.

  **   A  CHGPROLIB command exists to change  the protection type for a
       library.     A  RTVPROLIB   command  exists   to  retrieve   the
       protection value  as well  as a  DLTPROLIB command  to delete  a
       library  record.   These  commands may  be used  instead  of the
       WRKPROLIB interactive function.

  **   If the  TAA Productivity  Tools are  installed and  the  TAATOOL
       library  is protected,  special code  changes  the value  before
       clearing  the  library  and  then  changes  it  back  after  the
       library  is cleared.   You may use a  similar technique for some
       libraries.

  **   You  have completed  the  test  of  PROLIB.   You  can  now  use
       ADDPROLIB/WRKPROLIB  to build  the  list of  libraries and  what
       should be protected.

Other comments
--------------

  **   The  CHKPROLIB  command supports  a constant  parameter  for the
       usage type  which is  passed as  *CMD to  the TAALIDLC5  program
       (the  CPP for  CHKPROLIB).   The  Exit  program calls  TAALIDLC5
       directly  and  passes *PGM  for  the constant  parameter.   This
       allows the  TAALIDLC5 program  to  distinguish between  the  two
       types so  that error messages  may be  sent correctly.   Sending
       escape   messages  from  the   exit  program   requires  special
       handling   because  the   system  ignores   any  typical  escape
       messages and the message  must be sent up  the stack and not  to
       the  calling program.   The  TAA9891  message ID  is the  escape
       message that is sent.

  **   The  CHKPROLIB command  will  send a  completion message  if the
       library does not exist or is not protected.

  **   A user attribute of TAAPROLIB  is used when the PROLIBP file  is
       created to  ensure correct  operations against  what could  be a
       user file name.

Commands supported
------------------

         CRTPROLIBD    Create Protected Library Description
         DLTPROLIBD    Delete Protected Library Description
         WRKPROLIB     Work Protected Library
         ADDPROLIB     Add Protected Library
         CHKPROLIB     Check Protected Library
         RTVPROLIB     Retrieve Protected Library
         CHGPROLIB     Change Protected Library
         DLTPROLIB     Delete Protected Library

CHKPROLIB escape messages you can monitor for
---------------------------------------------

      TAA9891    The library is protected

Escape messages from based on functions will be re-sent.

ADDPROLIB escape messages you can monitor for
---------------------------------------------

      TAA9892    All libraries already exist in PROLIBP

Escape messages from based on functions will be re-sent.

RTVPROLIB escape messages you can monitor for
---------------------------------------------

      TAA9893    The library record does not exist

Escape messages from based on functions will be re-sent.

CHGPROLIB escape messages you can monitor for
---------------------------------------------

      TAA9893    The library record does not exist

Escape messages from based on functions will be re-sent.

DLTPROLIB escape messages you can monitor for
---------------------------------------------

      TAA9893    The library record does not exist

Escape messages from based on functions will be re-sent.


CRTPROLIBD Command parameters                         *CMD
-----------------------------

   SRCLIB        The  source  library  to  use  for  the  QATTDDS  file
                 source.  The default is *TAAARC.

                 A specific user library may  be named, but the  source
                 file name must be QATTDDS.


DLTPROLIBD Command parameters                         *CMD
-----------------------------

No parameters exist.


WRKPROLIB Command parameters                          *CMD
----------------------------

   PROVAL        The protection value  to select.  *ALL is  the default
                 to select all records.

       *YES  may be  specified  to  select only  those  library records
       that are protected.

       *NO  may be specified to select  only those library records that
       are not protected.

   CHGDAT        The  change  date   of  the  library  records   to  be
                 displayed.   This allows a review of  what was changed
                 on  a specific date particularly  if you use ADDPROLIB
                 with LIB(*ALL) or a generic name.

                 *ALL  is   the   default  to   display   all   records
                 regardless of the change date.

                 A specific  date may be entered  in job format  or the
                 special value *TODAY meaning the current date.


ADDPROLIB Command parameters                          *CMD
----------------------------

   LIB           The  library to be  added as  a library record  in the
                 PROLIBP file.   A generic  name or  the special  value
                 *ALL for all libraries  may be entered.  If  a library
                 already  exists, the protection  value is  not changed
                 from its existing value.

   PROVAL        The  protection  value to  be set  for the  library or
                 libraries.

                 *YES  is the  default  to  prevent  the  library  from
                 being  cleared by  CLRLIB  or CLRLIB2  and to  prevent
                 the  library from being deleted  by DLTLIB or DLTLIB2.

                 *NO may  be  specified  to  allow the  library  to  be
                 cleared or deleted.

   DISCUSSION    The  text discussion  to  be added  for all  libraries
                 added.  Up to 200 characters may be specified.

                 The  text discussion  value  applies to  all libraries
                 added.  Leaving the  value blank should be  considered
                 when adding all libraries.


CHKPROLIB Command parameters                          *CMD
----------------------------

   LIB           The  library  to  be checked  to  see  if  it  can  be
                 cleared or deleted.

RTVPROLIB Command parameters                          *CMD
----------------------------

   LIB           The  library  to  retrieve  information for  from  the
                 PROLIBP file.

   PROVAL        The  library protection  value to  be returned.   This
                 is an optional  return variable that  if used must  be
                 specified as *CHAR LEN(4).

   DISC          The  return  value of  the  text  discussion that  was
                 entered   when  adding  or  changing   a  record  with
                 WRKPROLIB.  This is  an optional return variable  that
                 if used must be specified as *CHAR LEN(200).


CHGPROLIB Command parameters                          *CMD
----------------------------

   LIB           The library name  to change the protection  value for.

   PROVAL        The library protection value to be assigned.

                 *YES  is  the  default  to  prevent  the library  from
                 being cleared  by CLRLIB  or  CLRLIB2 and  to  prevent
                 the library from  being deleted by DLTLIB  or DLTLIB2.

                 *NO  may  be  specified to  allow  the  library to  be
                 cleared or deleted.


DLTPROLIB Command parameters                          *CMD
----------------------------

   LIB           The  library name  to delete  the corresponding record
                 for in the PROLIBP file.


Restrictions
------------

Only a user with *ALLOBJ authority may use CRTPROLIBD.

Prerequisites
-------------

The following TAA Tools must be on your system:

     CHGOBJD2        Change object description 2
     CHKDBFMBR       Check data base file member
     CPYTAADDS       Copy TAA DDS source
     EDTVAR          Edit variable
     RSNLSTMSG       Resend last message
     RTVDAT          Retrieve date
     SNDCOMPMSG      Send completion message
     SNDESCINF       Send escape information
     SNDESCMSG       Send escape message
     SNDESCMSG5      Send escape message 5
     SNDSTSMSG       Send status message
     UPDPFILE        Update PFILE keyword

Implementation
--------------

See the section on 'PROLIB tool demonstration'.

Objects used by the tool
------------------------

   Object        Type    Attribute      Src member    Src file
   ------        ----    ---------      ----------    ----------

   CRTPROLIBD    *CMD                   TAALIDL       QATTCMD
   DLTPROLIBD    *CMD                   TAALIDL2      QATTCMD
   ADDPROLIB     *CMD                   TAALIDL3      QATTCMD
   WRKPROLIB     *CMD                   TAALIDL4      QATTCMD
   CHKPROLIB     *CMD                   TAALIDL5      QATTCMD
   RTVPROLIB     *CMD                   TAALIDL6      QATTCMD
   CHGPROLIB     *CMD                   TAALIDL7      QATTCMD
   DLTPROLIB     *CMD                   TAALIDL8      QATTCMD
   TAALIDLC      *PGM       CLP         TAALIDLC      QATTCL
   TAALIDLC2     *PGM       CLP         TAALIDLC2     QATTCL
   TAALIDLC3     *PGM       CLP         TAALIDLC3     QATTCL
   TAALIDLC4     *PGM       CLP         TAALIDLC4     QATTCL
   TAALIDLC5     *PGM       CLP         TAALIDLC5     QATTCL
   TAALIDLC6     *PGM       CLP         TAALIDLC6     QATTCL
   TAALIDLC7     *PGM       CLP         TAALIDLC7     QATTCL
   TAALIDLC8     *PGM       CLP         TAALIDLC8     QATTCL
   TAALIDLC11    *PGM       CLP         TAALIDLC11    QATTCL
   TAALIDLC12    *PGM       CLP         TAALIDLC12    QATTCL
   TAALIDLR3     *PGM       RPG         TAALIDLR3     QATTRPG
   TAALIDLR4     *PGM       RPG         TAALIDLR4     QATTRPG
   TAALIDLR6     *PGM       RPG         TAALIDLR6     QATTRPG
   TAALIDLP      *FILE      PF          TAALIDLP      QATTDDS
   TAALIDLL      *FILE      LF          TAALIDLL      QATTDDS
   TAALIDLD      *FILE      DSPF        TAALIDLD      QATTDDS

Structure
---------

CRTPROLIBD  Cmd
   TAALIDLC   CL pgm

DLTPROLIBD  Cmd
   TAALIDLC2  CL pgm

ADDPROLIB   Cmd
   TAALIDLC3  CL pgm
     TAALIDLR3  RPG pgm

WRKPROLIB   Cmd
   TAALIDLC4  CL pgm
     TAALIDLR4  RPG pgm
       TAALIDLD   Dsp file

CHKPROLIB   Cmd
   TAALIDLC5  CL pgm   (also used via the Exit program)

RTVPROLIB   Cmd
   TAALIDLC6  CL pgm
     TAALIDLR6  RPG pgm

CHGPROLIB   Cmd
   TAALIDLC7  CL pgm
     TAALIDLR6  RPG pgm  (same program used by RTVPROLIB)

DLTPROLIB   Cmd
   TAALIDLC8  CL pgm
     TAALIDLR6  RPG pgm  (same program used by RTVPROLIB)

TAALIDLC11  CL Pgm specified as the command exit which calls TAALIDLC5

TAALIDLC12  CL Pgm used for ADDEXITPGM
					

Added to TAA Productivity tools October 15, 2010


Home Page Up to Top