SWPUSRPRF SWAP USER PROFILE TAASEHC
The Swap User Profile command allows a swap to a user profile and
runs a command under the new user profile. You must have *USE
authority to the new user profile, but the authority may be adopted.
When the command completes (either normally or abnormally), a special
'scope' program is used to ensure a swap back occurs to the original
profile. Among other uses, SWPUSRPRF allows a means of adopting when
using IFS objects.
A typical use of SWPUSRPRF is when operating on a secured IFS object
and you want to allow any authorized user of a program to have access
to the IFS object. Program adoption cannot be used when operating on
IFS objects, but swapping the profile will allow the function to be
For example, assume your IFS object is owned by USERA and you want
USERB to operate on the IFS object without directly authorizing USERB
to the IFS object. As USERA, you would create the program using
USRPRF(*OWNER). The program would contain the SWPUSRPRF command such
SWPUSRPRF USRPRF(USERA) CMD('xxx'))
You would make the program PUBLIC(*EXCLUDE) and authorize USERB to
When USERB runs the program, the SWPUSRPRF command checks to see if
the user of the program has *USE authority to USERA. Because the
program was created by USERA and adopts authority, the user is
SWPUSRPRF places a special 'scope' program is placed on the program
invocation stack and the system ensures the program will be run. The
command (including the CALL command) specified in the CMD parameter
would be run using the profile USERA. When the command completes,
the special 'scope' program is run and the profile is swapped back to
A profile such as QSECOFR could also be used as the profile to swap
Any error handling for your command should be handled normally as if
you had coded the command directly and not used the SWPUSRPRF command
SWPUSRPRF USRPRF(xxx) CMD('DLTIFS xxx')
MONMSG MSGID(TAA9895) EXEC(DO) /* None to delete */
The SWPUSRPRF CPP uses the following APIs.
** QSYGETPH is used to get the 'handle' of the current user
profile. *NOPWDCHK is specified.
** QMHSNDSM is used to place the 'scope' program TAASEHCC2 on the
** QSYGETPH is used to get the 'handle' of the user profile to be
swapped to. *NOPWDCHK is specified.
** QWTSETP is used to swap to the new profile.
The TAASEHCC2 program uses:
** QWTSETP to swap back to the original profile.
** QSYRLSPH to release the handle.
SWPUSRPRF escape messages you can monitor for
CPF9898 No *USE authority to the profile
Escape messages from based on functions will be re-sent.
Command parameters *CMD
USRPRF The user profile to be swapped to. The user of the
command must have *USE authority to the user
profile. The authority may be adopted.
CMD The command to be run (including the CALL command).
Up to 32000 bytes may be entered. This allows for
expansion which may be done by the command analyzer.
When the command prompter is used for SWPUSRPRF and a command is
entered in the CMD parameter, F4 may be used to prompt for the
keywords (similar to prompting for the CMD value on SBMJOB).
If SWPUSRPRF is entered into a CL program and the user should be
prompted to enter the keywords for a specific command, enter a
preceding ? such as '?CHGUSRPRF'.
The user of the program must have *USE authority to the program.
The authority may be adopted.
The following TAA Tools must be on your system:
CHKOBJ3 Check object 3
RSNALLMSG Resend all messages
RSNLSTMSG Resend last message
SNDESCINF Send escape information
SNDESCMSG Send escape message
None, the tool is ready to use.
Objects used by the tool
Object Type Attribute Src member Src file
------ ---- --------- ---------- ----------
SWPUSRPRF *CMD TAASEHC QATTCMD
TAASEHCC *PGM CLP TAASEHCC QATTCL
TAASEHCC2 *PGM CLP TAASEHCC2 QATTCL
TAASEHCC CL pgm - Places the TAASEHCC2 program on the stack
Added to TAA Productivity tools June 30, 2007