TAA Tools
TAA Productivity Tools Security Discussion
General statement

The TAA Productivity Tools are designed so that their use does not
violate any system security functions. Objects and data are read using
standard system interfaces such as system commands, system APIs, CL,
and RPG.

The tools are tested at Level 40 security. No violations exist.

Any design errors should be reported immediately to the TAA
Productivity Tools owner.

Your security responsibility

There are no known security exposures to installing the TAA
Productivity Tools on your system. The TAA Tools that are security
sensitive are controlled as described later.

Many TAA Tools exist that can assist you in evaluating and maintaining
system security.

Your responsibilities to ensure a secure system when using the TAA
Tools are:

-   Use at least Level 30 Security. As on any system that is
    interested in good security, Level 40 is recommended.

-   Follow normal good guidelines for installation security. This
    includes such things as minimizing the number of users with
    special authorities (such as *ALLOBJ, *SECADM, or *SERVICE) and
    properly authorizing the security sensitive TAA Tools.

    You are placing complete trust in any user who is given *ALLOBJ
    special authority. You should not assume that even though this
    user may not have *SECADM or *SERVICE that you are protected.

-   Ensure that any system commands that are changed to provide such
    functions as a validation program are rigidly controlled.

-   Ensure that no libraries exist before QSYS on the library list or
    that you rigidly control what exists in those libraries. See the
    later discussion of this.

-   Several TAA Authorization Lists (*AUTL) exist. These allow you to
    authorize users to certain functions and retain the authorizations
    even though a new version of the tools is installed. *ALLOBJ users
    are implicitly authorized to these *AUTLs.

    Tools which use the *AUTLs are generally security sensitive.

    The *AUTL objects are shipped with the *PUBLIC user as *EXCLUDE.
    Allowing the *PUBLIC any authority except *EXCLUDE could
    compromise security. Use the CHKTAAAUTL command to ensure that
    *PUBLIC *EXCLUDE is still specified or you have explicit reasons
    for making a change.

-   If you change the source and re-create any of the tools, you are
    responsible for the integrity of the tool. For most changes, you
    should be able to follow the security designed into the tools.

-   Consider the HELPTAA options on Backup and Disaster Recovery.

-   Security is also provided by the CRTTAATOOL command which creates
    the objects with the intended protection. If you intend to
    re-create part of a tool, you should use CRTTAATOOL to re-create
    the entire tool.


Almost all TAA Productivity Tools libraries and objects are shipped as
owned by QSECOFR.

The TAAJOBCTL user profile is created at the time of install if it
does not already exist. One or more programs are changed so that
TAAJOBCTL becomes the owner. This allows adopting only *JOBCTL special
authority instead of all of the special authorities of QSECOFR.

At the completion of the TAA install, the profile will be:


The UPSMON job description (*JOBD) is shipped with a USRPRF value of
QPGMR which is required for an auto start job. The *JOBD is shipped as
*PUBLIC *EXCLUDE. See the discussion of UPSMON in this document.

You should not change the ownership of the tools.

*PUBLIC *CHANGE authority

Most TAA objects allow the *PUBLIC user *USE authority or are
specified as *EXCLUDE. A few objects allow *CHANGE authority. None of
these objects are considered to have a security or integrity issue.

The following objects allow *CHANGE authority:

-   TAASTDBA and TAASTDBK *FILE objects. These are used as test data
    for the DMOSUBF tool. A program exists (TAASTDBC2) that will
    refresh the data.

-   SAVACTRCV and SAVACTRCV2 *MSGQ objects. These message queues are
    used for recovery purposes by the SAVACT tool. The queues are
    cleared by the SAVALLACT or SAVCHGACT commands before submitting
    the processing program to batch. Since the system must be shutdown
    to the restricted state before running either SAVALLACT or
    SAVCHGACT, there is little exposure to allowing *CHANGE authority.

Some *MSGQ objects appear as 'USER DEF'. The message queues allow
*PUBLIC *OBJOPR and *ADD rights in order to allow the *PUBLIC user to
send a message to the queue.

How Security is controlled

Most tools have no specific security considerations. They use normal
system security for accessing and updating objects.

There are several security sensitive tools that exist in the TAATOOL
library. These tools are controlled by one or more of the following:

-   The user must be authorized to an authorization list.

    For example, the INZPWD tool allows a user other than the Security
    Officer to initialize a password. The user must be authorized to
    the TAAINZPWD authorization list to use INZPWD.

-   The user must have *ALLOBJ authority.

    For example, the CHKTAAPRD tool allows a user to check against all
    libraries on the system. To perform an accurate check, any private
    libraries must be accessed.

-   An overt act by the Security Officer is needed such as changing a
    secure system value.

    For example, the DSPPWD tool which displays users passwords will
    not be operational unless the Security Officer changes the
    QPWDVLDPGM system value to name the supplied program. The supplied
    program captures the password when the user makes a change.

-   Instructions exist with the tool that describe how to control
    security. Some tools use objects in the TAASECURE library.

    For example, the DSAUSRPRF tool will allow an Assistant Security
    Officer to disable any user profile if the Assistant Security
    Officer is authorized to the TAADSAPRF authorization list. QSECOFR
    is never allowed to be disabled. Other profiles may be prevented
    from being disabled by the Security Officer entering the names
    into the DSAUSRPRF data area in TAASECURE. See the discussion with
    the DSAUSRPRF tool.

Checking TAA Security

The CHKTAAAUT command may be used to check the current authority on
your system against the authority shipped with the TAA Productivity

CHKTAAAUT (using the defaults) will check all authorities to TAA
objects in TAATOOL and TAASECURE and the TAA Authorization Lists in
QSYS. It will also check the authorities for command objects that are
outside of TAATOOL and TAASECURE. Any non *CMD TAA objects that are
outside of TAATOOL and TAASECURE will be flagged.

Deleting security sensitive tools

With proper security in place, the tools that create and change user
profiles may safely exist and be used. However, some installations may
prefer to delete these tools to avoid any possibility of their use.

To assist in this, the DLTSECTOOL is available which will delete any
significant tools that create or change user profiles. You must have
*ALLOBJ and *SECADM special authority to delete these tools or create
them if they have been deleted.

Using DLTSECTOOL will lessen security exposures, but it does not
eliminate what an *ALLOBJ special authority user might do.

Tools that adopt the authority of QSECOFR

Some tools require that the owner's profile (QSECOFR) be adopted
during the running of a program.

All of the programs that adopt the QSECOFR profile do so in a manner
that is designed to perform only the intended function and to prevent
improper use. 'Preventing improper use' means that the programs do one
or more of the following:

-   Execute HLL compiler generated functions that do not invoke any
    user written sub-programs. For example, the CL command CHGDTAARA
    is considered safe as well as an RPG READ or CHAIN Operation.

-   Execute system commands or programs (e.g. APIs).

-   Execute TAA commands by library qualifying the commands to the
    TAATOOL library. TAA commands use a qualified library name. The
    commands executed in this manner are checked so they are
    considered safe.

-   Execute qualified calls to programs in TAATOOL or TAASECURE. The
    sub-programs that are executed also meet these criteria. For
    example, calling a sub program that is library qualified to the
    TAATOOL library is considered a safe function if the sub-program
    performs safe functions.

-   Execute against files that are specified with an Override command
    that specifies SECURE(*YES). This prevents a program higher in the
    program stack from re-directing the program to a different file.

-   Execute TAA commands or programs by first using a program that
    'unadopts'. This means that when the sub-function is run, the user
    operates with his own authority and the program adopt function is
    not considered.

-   All TAA Tool programs are created (by default) so there is no
    observability. This prevents the user from using debug and
    subverting the functions of the programs.

The reason that you must control the system portion of the library
list is that the TAA tools use system commands and APIs without using
QSYS as a library qualifier. If you allow users to have their own
version of a system function ahead of QSYS on the library list, your
security can be compromised with the TAA tools that adopt the security
officer profile (or with any of your own programs that use program

Several TAA Archive programs adopt the Security Officers profile in a
safe manner. These programs are not described further because only the
object code is shipped.

The following tools use the USRPRF(*OWNER) adopt function and must be
owned by a user with special authority. Some of the tools take their
authorization from an authorization list and some must be explicitly
authorized. The 'AUT' column describes the required authorization.

    Tool        AUT         Notes        List
    ----        ---         -----    ------------

    ACCSECLIB   *USE           4
    ADDJOBSCD2  *USE          38      TAAJOBSCDE
    ADPMBR      *USE           9
    ALCTMPMBR   *USE           7
    APYRMTJRN   *USE          67
    AUDLOG      *USE          33      TAAAUDLOG
    CAPNETA     *USE          14
    CAPSECINF   *USE          81
    CAPSYSINF   *USE          82
    CHGBIGPARM  *USE                  TAACHGBIGP
    CHGDSTPWD2  *USE          71      TAADSTPWD2
    CHGGRPPRF   *USE           5
    CHGSGNTXT   *USE          65
    CHGUSRPRF2  *USE                  TAACHGPRF2
    CHGUSRPWD   *USE          12
    CHKASPSTG   *USE          78
    CHKINACT2   *USE          92
    CHKSAVDEV   *USE          16
    CHKSGNCNT   *USE          64
    CHKSPELL    *USE          17
    CHKSPELL2   *USE          17
    CHKTAAOWN   *USE          97
    CHKTAATOOL  *USE          15
    CHKUSRGRP   *USE         101      TAACHKUSRG
    CLNTAATEMP  *USE                  TAACLNTEMP
    CMPDBF2     *USE          94
    CMPSRC3     *USE          85
    CPYUSRPRF2  *USE          31      TAACPYUSR2
    CRTVTP      *USE          90      TAAVTP
    CVTAUDLOG3  *USE                  TAAAUDLOG
    CVTIFS      *USE          73      TAACVTIFS
    CVTIFSEAUT  *USE          74      TAACVTIFS
    CVTFRMSPLF  *USE          43      TAACVTSPLF
    CVTJOBSCDE  *USE          38
    CVTLIBCNT   *USE                  TAADSPADP
    CVTLIBDBF   *USE                  TAACVTLIBD
    CVTQHST     *USE                  TAACVTQHST
    DLTIFS      *USE                  TAACVTIFS
    DLTJOBLOG   *USE                  TAACVTQHST
    DLTQHST     *USE                  TAADLTQHST
    DLTUSRPRF2  *USE                  TAADLTUSR2
    DLYCMD      *USE          56
    DSAUSRPRF   *USE                  TAADSAPRF
    DSPADP      *USE                  TAADSPADP
    DSPALLSPLF  *USE          46      TAAALLSPLF
    DSPCMDHLP   *USE          77
    DSPDSTQ     *USE          99
    DSPGRPPRF   *USE          91
    DSPJOB3     *USE          57
    DSPJOBLOG4  *USE          89      TAASPLSEC
    DSPJRNA     *USE          95
    DSPJRNRCVD  *USE          95
    DSPLIBSRCF  *USE          18
    DSPOBJD4    *USE          18      TAADSPOBJ4
    DSPPWD      *USE           2
    DSPQHST2    *USE                  TAACVTQHST
    DSPSECRVW   *USE                  TAASECRVW
    DSPSPLF2    *USE          28
    DSPSYS      *USE          19
    DSPUSRJOB   *USE          84      TAAJOBCTL
    DSPUSRPRF2  *USE                  TAADSPUSR2
    DSPUSRTXT   *USE          72
    DSPWTR      *USE         100
    DTAARAARC   *USE          98
    DUPFILFMT2  *USE         102      TAADBOHC2
    DUPSPLF     *USE          30      TAADUPSPLF
    DUPTAADBF   *USE          68
    EDTAUTL2    *USE          58
    EDTDBF      *USE          48      TAAEDTDBF
    EDTOBJAUT2  *USE          59
    ENAUSRPRF   *USE                  TAAENAUSR
    ENDTAALIC   *USE          86
    EXCJOBCTL   *USE          36      TAAJOBCTL
    FRCJOBLOG   *USE           3
    INZPWD      *USE                  TAAINZPWD
    JOBACG      Varies        35      TAAJOBACG
    JOBANZ      Varies
    JOBDEP      Varies        63
    JOBTALK     Varies        37      TAAJOBTALK
    LMTDLTSPL2  *USE          22
    LOCKMSG     *USE           1
    MTNALLJRN   *USE          70      TAAMTNJRN
    NBRCTR      *USE          50
    NAMADR      *USE          26
    NTEFIL      *USE          79
    PAGSEP      *USE          41
    JOBANZ      *USE          83
    PRTJOBSUM   *USE          52      TAACVTQHST
    PRTLIBCNT   *USE          44      TAADSPADP
    PRTSAVCNT   *USE          44      TAADSPADP
    PRTSAVLBL   *USE          42
    RCLSTG2     *USE          54      TAARCLSTG2
    RMVSYSLIBE  *USE          13
    QRYUSE      *USE          96
    RSTALLCHG   *USE                  TAARSTALLC
    RSTALLLIB   *USE                  TAARSTALLC
    RSTANYLIB   *USE                  TAARSTANYL
    RSTMNYCHG   *USE                  TAARSTALLC
    RSTMNYLIB   *USE                  TAARSTALLC
    RSTFIL      *USE           8      TAARSTFIL
    RTVHDWRSC   *USE          47
    RTVIFSEAUT  *USE          61
    RTVJOBAPI   *USE          34
    RTVJOBSCDE  *USE          37      TAAJOBSCDE
    RTVMSKPWD   *USE          88
    RTVTIMSTM2  *USE          45
    RTVTRNTBL   *USE          45
    RTVUSRPRF2  *USE          23      TAARTVUSR2
    SAVACT      *USE          60
    SAVALLCHG   *USE                  TAASAVALLC
    SAVCHG23    *USE          75      TAASAVALLC
    SAVE2       *USE          55
    SAVLIBSAVF  *USE          80
    SBMJOB2     *USE          27      TAASBMJOB2
    SETDAYLITE  *USE          40
    SHOUT       *USE          20
    SNDAUDE     *USE          66
    SNDUSRBRK   *USE          53      TAASNDBRK
    SNDGRPPRF   *USE          24
    SNDTIMMSG   *USE          11
    SNDUSGMSG   *USE          25
    SNDUSRBRK   *USE          32
    SPLCTL      *USE          87
    SPLDST      *USE          29      TAASPLDST
    SPLSTO      *USE          81
    SRCCTL      *USE           6
    UPSMON      *USE          76
    WHO         *USE          51
    VRYCFG2     *USE          39      TAAVRYCFG
    VRYCFGOFF   *USE                  TAAVRYCFGO
    WRKDSAUSR   *USE          93      TAAENAUSR
    WRKALLSPLF  *USE          46      TAAALLSPLF
    Install     *USE          21      TAAINSTALL

Index of programs that adopt

    Program     Tool        Note

    TAADBFFC    LOCKMSG        1
    TAADBFFE    LOCKMSG        1
    TAADBFFF    LOCKMSG        1
    TAADBFFG    LOCKMSG        1
    TAASPMDC    PAGSEP        41
    TAASPMDC2   PAGSEP        41
    TAASAVTC9   SAVE2         55
    TAASAVTC7   SAVE2         55
    TAAJOBKC11  DLYCMD        56
    TAAJODCC    DSPJOB3       57
    TAASEFAC5   EDTAUTL       58
    TAASAVUC24  SAVACT        60
    TAASAVUC25  SAVACT        60
    TAAJODFC24  JOBDEP        63
    TAAJODFR45  JOBDEP        63
    SNDAUD      SNDAUDE       66
    TAAIFSAC    CVTIFS        73
    TAASAVWC    SAVCHG23      75
    TAASYTLC13  UPSMON        76
    TAASYTLC12  UPSMON        76
    TAASPMRR2   SPLSTO        81
    TAASPMRR25  SPLSTO        81
    TAAJOEAC27  JOBANZ        83
    TAASPLIC20  SPLCTL        87
    TAATAPNC    CRTVTP        90
    TAATAPNC2   CRTVTP        90
    TAATAPNC4   CRTVTP        90
    TAATAPNC11  CRTVTP        90
    TAAJOEJC23  CHKINACT2     92
    TAAJOEJC25  CHKINACT2     92
    TAAJOEJC24  CHKINACT2     92
    TAADBLPC    CMPDBF2       94
    TAAJROPC    DSPJRNA       95
    TAAWHRDC15  QRYUSE        96
    TAAPRTOC11  DSPWTR       100
    TAADBIUR13  TAAQRY       104
    TAADSQAC    DSPDSTQ      106
    TAAEMLEC21  MAILADR      107
    TAAIFSMC    RTVIFSED     110
    TAAIFSMC2   RTVIFSED     110
    TAAJOBAC2   WHO          113
    TAAJOCKC3   JOBTALK      116
    TAAJOCKC11  JOBTALK      116
    TAAJOCKC14  JOBTALK      116
    TAAJOCKC22  JOBTALK      116
    TAAJODJC11  CHKINACT     117
    TAAMBRJC    ADPMBR       126
    TAAMBRJC2   ADPMBR       126
    TAAMBRJC3   ADPMBR       126
    TAAMNUAC21  DYNMNU       127
    TAAMSGLC2   SHOUT        128
    TAANAMAC9   NAMADR       131
    TAANETDC    CAPNETA      132
    TAANTEAC23  NTEFIL       133
    TAASEDBC3   SECOFR2      141
    TAASPLWC9   DSPSPLF2     147
    TAASRCBC    CMPSRC3      151
    TAASRCHC    SRCCTL       152
    TAASRCHC2   SRCCTL       152
    TAASYSKC3   DSPSYS       159
    TAATAPNC5   RPLVTP       164
    TAATAPNC7   RPLVTP       164
    TAATAPNC6   RDYVTP       165
    TAAOBLKC    DSPOBJD4     175


1.  There is no known exposure with the LOCKMSG function unless you
    restrict which users are allowed to send messages to other users.
    The programs TAADBFFC, TAADBFFE, TAADBFFF, and TAADBFFG adopt.

2.  The DSPPWD processing program must be available for public usage
    to allow any user to change his password. The secure functions
    require the user be authorized to the TAASECURE library which is
    created AUT(*EXCLUDE).

3.  The FRCJOBLOG command of the SETJOBLOG tool adopts authority
    because the intent is to make the SIGNOFF command private. If you
    secure the SIGNOFF command, this may have implications for the use
    of other TAA Tools or your own code.

4.  The user that creates ACCSECLIB must have *ALLOBJ authority. The
    list of libraries that are valid to use is controlled by the
    ACCSECLIB data area in TAASECURE. Use EDTCONARR to change the
    list. The data area is shipped with QGPL as a sample library. This
    does not make QGPL secure, but allows testing of the ACCSECLIB
    command with a library that you would normally not care if a user
    displayed or copied an object from.

    Any user of the ACCSECLIB command, must be authorized to the
    TAAACCSECL authorization list. See the implementation instructions
    for the tool.

5.  The user of the CHGGRPPRF command must be explicitly authorized to
    the profile in order to change group profiles.

6.  The SRCCTL tool checks the authorization to a data area in the
    same library as the source control files before allowing the
    CHKSRCOUT or CHKSRCIN commands to operate.

7.  The ALCTMPMBR commands use temporary files in TAATOOL. The user
    must be authorized to add and clear to these members in a
    controlled manner.

8.  The RSTFIL command prompts for the RSTOBJ command and requires the
    use of the RSTOBJ library where only files may be restored.

9.  The ADPMBR tool checks for the valid files to be used in the
    ADPMBR data area in TAASECURE. The data area should be maintained
    with EDTCONARR.

10. Unused.

11. Several programs adopt to allow any user to start the SNDTIMMSG
    job and use SNDTIMMSG.

12. The CHGUSRPWD tool requires the Security Officer to change the
    QPWDVLDPGM system value in order to be operational.

13. The command RMVSYSLIBE is public, but the only valid libraries are
    those that exist in the RMVSYSLIBE data area in TAASECURE. The
    data area is shipped with no libraries entered. QSYS is always

14. The CAPNETA command is public. The current network attributes are
    stored in the NETWRKATTR data area in TAASECURE. The companion
    command (RTNNETA) requires a user with *ALLOBJ special authority.

15. The CHKTAATOOL command is public. Objects are accessed for read
    only. No updates occur.

16. The CHKSAVDEV command is public, but the user must have *SAVSYS or
    *ALLOBJ special authority (or adopt *ALLOBJ). Using adoption for
    the sub program allows for the CHKSAVDEV data area to be saved,
    restored to QTEMP, and deleted from QTEMP.

17. The spelling RPG programs adopt to avoid a system bug requiring
    special authorization.

18. The DSPLIBSRCF CL program ensures the user has *USE authority to
    the specified library. The QSECOFR profile is adopted because the
    QADBXREF file cannot be used by the public.

19. DSPSYS uses a sub program to access the last change date of QINITT
    which is excluded to the public.

20. A sub program is used by SHOUT to be able to access the user class
    of any user.

21. The special install programs TAATOLUx exist in TAATOOL to allow a
    subsequent install to be done by a user who is authorized to the
    TAAINSTALL authorization list.

22. LMTDLTSPL2 must access a data area in TAASECURE to validate
    whether the spooled file should be deleted.

23. RTVUSRPRF2 allows any user profile to be retrieved.

24. SNDGRPPRF adopts to allow access to all user profiles in order to
    determine the current groups and to allow break messages to be

25. SNDUSGMSG adopts to allow break messages to be sent.

26. The CRTNAMEDT command requires some special authority to duplicate
    the command object. It is the only function that adopts authority.

27. The SBMJOB2 and SBMJOB3 commands are each tied to unique
    authorization lists.

28. One program within the DSPSPLF2 command is used to access the
    system defaults from the DSPSPLF2 user space in TAASECURE.

29. The DUPSPLDST command within SPLDST is used to cause DUPSPLF.

30. The DUPSPLF command requires authorization to the TAADUPSPLF
    authorization list. To change to a new owner requires
    authorization to the TAASPLDST authorization list.

31. The CPYUSRPRF2 command is an option on the SECOFR2 menu and
    requires authorization to the TAACPYUSR2 authorization list.

32. The SNDUSRBRK command must adopt to allow any user to send a break
    message (requires *JOBCTL special authority). The command is
    restricted to operate only in an CL program.

33. The CVTAUDLOG command of the AUDLOG tool adopts authority and
    requires a user to be authorized to the TAAAUDLOG authorization
    list. This allows an operator to be able to do the conversion from
    the QAUDJRN on a regular basis. CVTAUDLOG is the only command in
    AUDLOG that requires authorization to the TAAAUDLOG authorization
    list. Most of the other functions are controlled by the owner of
    the files created by CRTAUDLOG. CVTAUDLOG3 also requires
    authorization to TAAAUDLOG.

    The TAASEDSC23 program adopts QSECOFR authority to display a
    detail journal entry from the journal itself (Option 7 on
    DSPAUDLOG). The program prevents a user who does not have *USE
    authority to the AUDLOGP file from being able to use this

34. The Retrieve Job API tool is a program that adopts the QSECOFR
    profile to allow retrieval from the QUSRJOBI API formats without
    having *JOBCTL special authority. Nothing can be changed from the
    program. The tool is used by other tools such as DSPACTJOB. The
    program is unlikely to be used by a typical user because it
    requires a complex parameter list be passed including the internal
    job ID which cannot be determined without writing a program that
    uses an API.

35. The Job Accounting tool has two commands (CVTJOBACG and
    CVTJOBACG2) that adopt QSECOFR authority. Use of the commands is
    restricted to users who are authorized to the TAAJOBACG
    authorization list. The Print Accounting tools has the same two
    commands (CVTPRTACG and CVTPRTACG) that adopt QSECOFR and also use

36. The Execute Using *JOBCTL tool adopts the QSECOFR *JOBCTL
    authority. The command is restricted to those users authorized to
    the TAAJOBCTL authorization list.

37. The Job Talk tool uses an authorization list for the SNDJOBTALK
    command and CL program. Sub programs used by STRJOBTALK and
    SNDJOBTALK and the break handling program set by STRJOBTALK use
    adopted programs to access data areas in TAASECURE. CLNJOBTALK
    uses adopted authority to delete unused TAAnnnnnn message queues
    in the TAAWORK library. This allows the first user of the
    STRJOBTALK command each day to automatically submit a batch job
    for cleanup. CLNJOBTALK allows public use, but may be used at any
    time by any user without harm to the Job Talk function.

38. The Job Schedule tools require use of the TAAJOBSCDE authorization

39. The VRYCFG2 tool uses the TAAVRYCFG authorization list to allow a
    user without *JOBCTL to use a simple version of VRYCFG.

40. The SETDAYLITE programs adopt to allow the job to run under the
    QSECOFR profile. This avoids the potential problem of the user
    profile of the job being deleted when the function is scheduled.

41. The PAGSEP tool uses TAASPMDC to access the setting of the
    TAAPAGSEPn application value in TAASECURE. It provides a 'read
    only' function. The TAASPMDC2 program is the sample program which
    allows access to the text of a passed in user profile name.

42. The PRTSAVLBL tool uses TAASAVQC2 to access the setting of the
    PRTSAVLBL application value in TAASECURE. It provides a 'read
    only' function.

43. The CVTFRMSPLF tool uses the TAACVTSPLF authorization list for the
    CVTTOSPLF command. This command uses an API which requires *ALLOBJ
    authority to create a spooled file. The CVTTOSPLF processing
    program is controlled by the authorization list and adopts QSECOFR

44. The PRTLIBCNT and PRTSAVCNT tools can operate across the entire
    system for 'read only' purposes. The command and processing
    programs are controlled by the TAADSPADP authorization list.

45. The RTVTRNTBL command retrieves the name of the system wide
    Translate Table found in the TAATRNTBL data area in TAASECURE. The
    command allows *PUBLIC use, but no known security exposures exist.

46. The DSPALLSPLF and WRKALLSPLF tools tool allow any user to display
    his own spooled files. The TAAALLSPLF authorization list allows a
    user to display spooled files owned by other users. Both the
    TAASPMSR program (part of WRKALLSPLF), and TAASPMMR program (part
    of DSPALLSPLF) adopt, but ensure that the user has *USE authority
    to TAAALLSPLF if a user other than *CURRENT is specified.

47. The RTVHDWRSC tool must use an API that is shipped as
    PUBLIC(*EXCLUDE). No known exposures exist by adopting the QSECOFR

48. The EDTDBF command checks the TAAEDTDBF authorization list if the
    user is not the owner of the file. No objects are authorized to
    the list.

49. The RTVTIMSTM2 command accesses the TAANBRCT user space and
    updates the counter.

50. The RTVNBRCTR command accesses the NBRCTR user space and updates
    the counter.

51. The WHO command accesses the TAASECURE library if the default is
    taken for CPUPCTLMT. There are no known exposures as this is a
    'read only' access.

52. The PRTJOBSUM command requires authorization to the TAACVTQHST
    authorization list to allow reading the QHST files.

53. The SNDUSRBRK2 command requires authorization to the TAASNDBRK
    authorization list.

54. The RCLSTG2 command and program require authorization to the
    TAARCLSTG2 authorization list.

55. The SAVE2 programs TAASAVTC9 and TAASAVTC7 adopt authority to
    access the SAVE2 *USRSPC information and DLYCMD *DTAARA objects
    from the TAASECURE library. There are no known exposures as this
    is a 'read only' access.

56. The DLYCMD program TAAJOBKC11 adopts authority to access the
    DLYCMD *DTAARA information from the TAASECURE library. There are
    no known exposures as this is a 'read only' access.

57. The DSPJOB3 program TAAJODCC adopts authority of the TAAJOBCTL
    user profile to allow a display of any job. The user must have
    *JOBCTL authority or be authorized to the TAAJOBCTL authorization

58. The EDTAUTL program TAASEFAC5 adopts authority of the of QSECOFR
    to access Application Value data from TAASECURE. There are no
    known exposures as this is a 'read only' access.

59. The EDTOBJAUT2 program TAASECFC5 adopts authority of the of
    QSECOFR to access Application Value data from TAASECURE. There are
    no known exposures as this is a 'read only' access.

60. The SAVACT program TAASAVUC24 adopts authority to access all
    libraries for EDTSAVACT. The TAASAVUC25 program adopts authority
    to access the SAVACT Application Value in TAASECURE.

61. The RTVIFSEAUT program TAAIFSNC adopts authority in order to
    determine the current users authority.

62. Unused.

63. The JOBDEP program TAAJODFC24 adopts to access (read only) the
    JOBDEP Application Value in TAASECURE. The TAAJODFR45 program
    adopts to update the Master and Detail files with start and end

64. The CHGSGNTXT programs TAADSPLC and TAADSPLC3 require *JOBCTL and
    adopt to update the TAAMSGF in TAATOOL.

65. The CHKSGNCNT program TAASEFGC adopts authority to access objects
    in TAASECURE. No changes occur.

66. The SNDAUDE function adopts the QSECOFR profile to allow sending
    an entry to the QAUDJRN journal which may be *PUBLIC *EXCLUDE.

67. Most of the APYRMTJRN commands are *PUBLIC. STRAPYRMT, ENDAPYRMT,
    SNDAPYRMTE, and CRTAPYRMTD are controlled by the TAAAPYRMT
    authorization list. The STRAPYRMT, ENDAPYRMT, and SNDAPYRMTE
    program adopt authority to allow operators to control the
    function. Several batch jobs are submitted by STRAPYRMT and they
    all adopt to allow the programs to operate on any object. The
    TAAJRODC46 and TAAJRODC47 programs adopt to allow the create of a
    file from the TAA Archive.

68. DUPTAADBF allows only specific files from TAATOOL to be duplicated
    when outfiles are requested. This is intended for internal use by
    TAA tools.

69. RTVIPLTIM requires the use of the system program QWCCRTEC which
    performs a dump. ending time of IPL and powerdown and is not
    considered to security sensitive.

70. MTNALLJRN allows the maintenance of all journals. Using an
    authorization list allows the system operator to perform the
    function without having excess authorization on the journals.

71. CHGDSTPWD2 allows any user authorized to the CHGDSTPWD2
    authorization list to reset the DST password.

72. DSPUSRTXT displays the user's text description based on entering
    the user profile name.

73. The CVTIFS program TAAIFSAC adopts authority, but requires the
    user to be authorized to the TAACVTIFS authorization list.

74. The CVTIFSEAUT program TAAIFSPC adopts authority, but requires the
    user to be authorized to the TAACVTIFS authorization list.

75. The SAVCHG23 program TAASAVWC adopts authority, but requires the
    user to be authorized to the TAASAVALLC authorization list.

76. The UPSMON TAASYTLC13 program adopts QSECOFR to allow a display of
    the UPSMON values. The TAASYTLC12 program adopts QSECOFR to
    provide for an orderly powerdown. The UPSMON *JOBD is shipped with
    *PUBLIC *EXCLUDE. It contains the value USRPRF = QPGMR which is
    required for an auto start job. If STRUPSMON2 is run, an auto
    start job entry is added to the controlling subsystem and QPGMR is
    authorized to *USE for the job description.

77. The DSPCMDHLP command allows any user to display the help text for
    any command regardless of the authorization. The command is never
    run by DSPCMDHLP.

78. The CHKASPSTG command uses two sub programs that adopt to access
    the CHKASPSTG Application Value in TAASECURE.

79. The NTEFIL MTNNTEFIL command uses a sub program that adopts to
    allow clearing and writing to the backup file TAANTEAT in TAATOOL.

80. The SAVLIBSAVF TAASAWBC11 adopts to allow the CHGOBJD tool to be
    used to set the user attribute of a save file.

81. The SPLSTO TAASPMRR2 and TAASPMRR25 programs adopt to allow
    *CHANGE authority to the spool store files while updates are

82. The CAPSECINF TAASEGMC12 program adopts to access the values from
    the CAPSECINF Application Value in TAASECURE.

83. The JOBANZ TAAJOEAC27 program adopts to access a value from the
    JOBANZ Application Value in TAASECURE.

84. Unused.

85. The CMPSRC3 command adopts to allow use of the work files NEWSRCP

86. The ENDTAALIC command adopts to allow access to a data area in in

87. The TAASPLIC20 program for SPLCTL adopts to allow update of the
    SPLCTLRCV and SPLCTLRCV2 recovery data areas in TAATOOL.

88. The RTVMSKPWD TAASEGQC and TAASEGQC2 programs adopt security to
    the MSKPWDP file in TAASECURE.

89. The DSPJOBLOG4 TAASPOBC program adopts to allow *ALLOBJ and
    *SPLCTL. The user of the command must be authorized to the
    TAASPLSEC authorization list.

90. The TAATAPNC, TAATAPNC2, TAATAPNC4, and TAATAPNC11 programs adopt
    to ensure access to various functions. The user must be authorized
    to the TAAVTP authorization list.

91. The DSPGRPPRF program TAASEGWC2 adopts QSECOFR to allow the use of
    the DSPUSRPRF outfile function to the TAASECKP file in TAASECURE.
    CVTGRPPRF then reads this file and creates the GRPPRFP program in
    QTEMP which contains the user profile records for each group
    member. TAASEGWC2 ensures that the profile is a group profile and
    that the user has 'all rights' to the group profile.

92. The TAAJOEJC23 and TAAJOEJC25 programs adopt to access the
    Application Value CHKINACT2 in TAASECURE. The TAAJOEJC24 program
    adopts to access the user text description from the profile used
    in WRKINACT2. Both programs perform read only functions and are
    considered safe.

93. Unused.

94. The CMPDBF2 program TAADBLPC adopts to allow the use of the CLPDBR
    tool against the file. The file is only read and compared against
    a copy of the same file made at a previous time.

95. The DSPJRNA and DSPJRNRCVD programs (TAAJROPC and TAAJRORC) adopt
    to allow a 'display only' function of the journal and receiver
    directory. The user must have *OBJOPR authority to the journal.
    This allows operation personnel to see the journal and the
    directory without having WRK options. The journal entries are not

96. The QRYUSE tool CVTQRYUSE command calls a sub program TAAWHRDC15
    to delete a restored object in QTEMP. Only a DLTQRY command is
    used and the object must be in QTEMP.

97. The CHKTAAOWN tool is for internal use and checks critical
    programs to see if they are owned by an *ALLOBJ user and still
    tied to the same *AUTL used at create time.

98. The DTAARAARC tool command STRARAARC adopts to allow a change of
    the user attribute for the created save files. This ensures they
    were created by the tool.

99. The DSPDSTQ tool command adopt the QSECOFR profile to provide a
    public 'display only' version of WRKDSTQ.

100. The DSPWTR tool uses the TAAPRTOC11 program to allow DSPWTRSTS.
     The program adopts to avoid the requirement for *JOBCTL.

101. The CHKUSRGRP tool uses the TAASELCC program to allow a user
     authorized to the TAACHKUSRG *AUTL to run the command. The
     program adopts to avoid the requirement for *ALLOBJ.

102. The DUPFILFMT2 tool uses the TAADBOHC2 program to allow any user
     to be able to duplicate a file format (create a new file) without
     being authorized to the file. The data is not copied.

103. The CRTXREFLF tool uses the TAADBINC program to allow creation
     over the QADBXREF file.

104. The TAAQRY tool uses the TAADBIUR13 program to update the QRYFILP
     file with the date the query was run.

105. The CHKNAMADR tool uses the TAADBKXR2 program to read the
     TAADBKXP file in TAASECURE to build the arrays needed to check.

106. The DSPDSTQ tool uses the TAADSQAC program to allow any user to
     display the distribution queue.

107. The MAILADR tool uses the TAAEMLEC21 program to change the the
     user attribute of TAA mail files.

108. The HORSERACE tool uses the TAAGAMAC program to change the data
     area in TAATOOL.

109. The RTVLSTQHST tool uses the TAAHSTGC program to access the QHST

110. The RTVIFSED tool uses the TAAIFSMC and TAAIFSMC2 programs to
     access the IFS information.

111. The CHKIFSSAV tool uses the TAAIFULC program to access the IFS

112. The DSPJOBSCDE tool uses the TAAJBSEC2 program to access the job
     schedule information.

113. The WHO tool uses the TAAJOBAC2 program to access the application
     value in TAASECURE.

114. The DSPSBSJOB tool uses the TAAJOCEC2 program to access the
     information via an API.

115. The RTVJOBAPI tool uses the TAAJOCHC program to access the
     information via an API.

116. The JOBTALK tool uses these programs to execute commands within
     another job.

117. The CHKINACT tool uses the TAAJODJC11 program to retrieve an
     application value in TAASECURE.

118. The DSPUSRJOB tool uses the TAAJODZC3 and is owned by TAAJOBCTL
     which provides *JOBCTL authority.

119. The DTAARAARC tool uses the TAAARARC25 program to change the
     object description to update information.

120. The DSPCMDHLP tool uses the TAACMEYC program to display command
     help for any command.

121. The DSPSBSJOBQ tool uses the TAAJODIC2 to provide a display of
     any job queue with only display options.

122. The APYRMTJRN tool uses the TAAJRODC35 and TAAJRODC59 for
     internal processing.

123. The RMVSYSLIBE tool uses the TAALIBQC program to remove libraries
     from the system portion of the library list that have been
     specified by the Security Officer.

124. The FRCJOBLOG tool uses the TAALOGAC2 program with adoption to
     allow the SIGNOFF command to remain private.

125. The DSPALLJLG tool uses the TAALOGHR program with adoption to
     allow any job log to be displayed. The command is controlled by
     the TAADSPJLG authorization list.

126. The ADPMBR tool uses the TAAMBRJC, TAAMBRJC2, and TAAMBRJC3
     programs to allow end users to operate with member commands on
     files specified by the Security Officer.

127. The DYNMNU tool uses the TAAMNUAC21 program to access an
     Application Value in TAASECURE.

128. The SHOUT tool uses the TAAMSGLC2 program to access any user

129. The SNDTIMMSG tool uses the TAAMSGSC and TAAMSGSC8 programs to
     control the file for when messages are sent.

130. The SNDUSRBRK tool uses the TAAMSHJC programs to control the file
     for when messages are sent.

131. The NAMADR tool uses the TAANAMAC9 program for internal

132. The CAPNETA tool uses the TAANETDC program to capture all

133. The NTEFIL tool uses the TAANTEAC23 program to allow update of a

134. The CRTDUPPF tool uses the TAAOBJRC program to allow a user with
     *USE authority to a file to be able to duplicate it.

135. The RPGVALCHK tool uses the TAARPGCC program to allow internal

136. The CHKSAVDEV tool uses the TAASAVNC2 program with adopt so it
     can S/R and delete the CHKSAVDEV data area.

137. The CHGSCRPWD tool uses the TAASECCC2 program with adopt so it
     can access a program in TAASECURE.

138. The CPYUSRPRF2 tool uses the TAASECHC2 program with adopt so it
     can use CHGUSRPRF command.

139. The CHGUSRPWD tool uses the TAASECIC3 program with adopt so it
     can access an exit program in TAASECURE.

140. The CHGGRPPRF tool uses the TAASECJC program with adopt so it can
     change the group profile during a job.

141. The SECOFR2 tool uses the TAASEDBC3 program with adopt so it can
     access TAASECURE.

142. The CHKPGMOWN tool uses the TAASEEFC program with adopt so it can
     determine the owner of any program.

143. The DSPUSRTXT tool uses the TAASEFZC program with adopt so it can
     determine the user text of any user.

144. The RTVUSRTXT tool uses the TAASEGDC program with adopt so it can
     determine the user text of any user.

145. The CHGMSKPWD tool uses the TAASEGQC and TAASEGQC2 programs with
     adopt to mask a password. The source code is not shipped with the

146. The LMTDLTSPL2 tool uses the TAASPLSC2 program with adopt to
     access TAASECURE.

147. The DSPSPLF2 tool uses the TAASPLWC9 program with adopt to access

148. The CVTSPLSTO tool uses the TAASPMRC22 program with adopt to
     change a user space in the SPLSTO library.

149. The CPYSPLFIFS tool uses the TAASPNAC2 program with adopt to
     check for product requirements.

150. The RTVSPLSIZ tool uses the TAASPNXC program with adopt to access
     all spooled file information.

151. The CMPSRC3 tool uses the TAASRCBC program with adopt to allow
     internal processing.

152. The SRCCTL tool uses the TAASRCHC and TAASRCHC2 programs with
     adopt to allow updates to occur.

153. The DSPLIBSRCF tool uses the TAASRDJC program to determine the
     source files in the library.

154. The FNDSRCMBR tool uses the TAASRDKC program to determine the
     source files in the library.

155. The RTVLIBSRCF tool uses the TAASRDVC program to determine the
     source files in the library.

156. The CHKOBJSRC tool uses the TAASREEC10 program for the prompt
     override of CHKOBJSRC.

157. The CPYSRCHDR tool uses the TAASREHC3 program with adopt when
     copying standard source members.

158. The CRTSTDSRCF tool uses the TAASREIC2 program to adopt to access
     the TAASECURE library.

159. The DSPSYS tool uses the TAASYSKC3 program to adopt while
     accessing system objects.

160. The RTVHDWRSC tool uses the TAASYSXC program with adopt while
     accessing information.

161. The RTVIPLTIM tool uses the TAASYTXC program with adopt while
     accessing information.

162. The RTVSYSINF tool uses the TAASYTMC4 program with adopt to
     access TAASECURE.

163. The CHKASPSTG tool uses the TAASYTPC2 and TAASYTPC3 programs to
     access TAASECURE and internal processing.

164. The CRTVTP tool RPLVTP command uses the TAATAPNC5 program for
     internal processing. The WRKVRTTAP command uses the TAATAPNC7
     program for internal processing.

165. The RDYVTP tool uses the TAATAPNC6 program for internal

166. The RTVHOSTNAM tool uses the TAATCPGC program for internal

167. The DSPTIMZON tool uses the TAATIMNC11 program to access

168. The ALCTMPMBR tool uses the TAATMPCC program for internal

169. The DLCTMPMBR tool uses the TAATMPCC2 program for internal

170. The CHKTAAOWN tool uses the TAATOMOC program to check against any

171. The RTVTRNTBL tool uses the TAATRNAC program to access TAASECURE.

172. The CHGUSRPWD tool uses the TAASECIC2 program to access

173. The DUPTAADBF tool uses the TAATOMHC program to access to allow
     duplication from TAATOOL.

174. The TAASEGYC2 program adopts to allow enabling of a user profile.
     The user must be authorized to the TAAENAUSR authorization list.
     The check occurs using the UNADOPT tool (the objects are not
     controlled by the authorization list).

175. The TAAOBLKC program adopts to allow a user who is authorized to
     the TAADSPOBJ4 authorization list to display any object
     attributes. Only the attributes are displayed and not data. None
     of the objects are tied to the authorization list. Checking
     occurs within TAAOBLKC.

176. The TAATOLXC program adopts to allow the CPYTAADDS tool to use
     the CPYTAA tool to create files from DDS in the archive. Only DDS
     source is accessed.

177. The TAACVTLIBD authorization list is used to allow access to
     CVTLIBDBF for library special values such as *ALL. No objects are
     authorized to the list. The TAADBHCC program adopts.

178. The TAAMSHWC2 program is a short helper program that accesses
     read-only data areas from the TAASECURE library.

Determining programs that adopt

You can determine the programs in TAATOOL that adopt authority by
using the PRTPGMA tool and specifying USRPRF(*OWNER).

Authorization lists

For certain tools, an authorization list is created in QSYS to allow a
more convenient means of authorization and to allow security to remain
in place even though you re-create a tool or install a new version of
the TAA Productivity Tools.

The authorization lists are created as part of the installation of the
TAA Productivity Tools if they do not already exist. Some
authorization lists are used by multiple tools.

The following is a list of the TAA Authorization lists, the tools that
use each list and the objects that are shipped as authorized to the

        list in QSYS      Tool          Notes     Object     Type   Total
        ------------      ----          -----     ------     ----   -----

        TAAACCSECL        ACCSECLIB               ACCSECLIB  *CMD     2
                                                  TAASECBC   *PGM

        TAAALLSPLF        DSPALLSPLF      6                           0
                          WRKALLSPLF      6

        TAAAPYRMT         APYRMTJRN               STRAPYRMT  *CMD     8
                                                  ENDAPYRMT  *CMD
                                                  SNDAPYRMTE *CMD
                                                  CRTAPYRMTD *CMD
                                                  TAAJRODC   *PGM
                                                  TAAJRODC2  *PGM
                                                  TAAJRODC3  *PGM
                                                  TAAJRODC9  *PGM

        TAAAUDLOG         AUDLOG                  CVTAUDLOG  *CMD     7
                                                  TAASEDSC2  *PGM
                                                  TAASEDSR2  *PGM
                          CVTAUDLOG3              CVTAUDLOG3 *CMD
                                                  TAASEDWC   *PGM
                                                  TAASEDWC2  *PGM
                                                  TAASEDWR   *PGM

        TAACHGBIGP        CHGBIGPARM              CHGBIGPARM *CMD     5
                                                  RTVBIGPARM *CMD
                                                  TAATMPAC   *PGM
                                                  TAATMPAC2  *PGM
                                                  TAATMPAR   *PGM

        TAACHGOBJ2        CHGOBJD2                CHGOBJD2   *CMD     5
                                                  TAAOBJLC   *PGM
                                                  TAAOBJLC2  *PGM
                          CHGOBJSRC               CHGOBJSRC  *CMD
                                                  TAAOBJUC   *PGM

        TAACHGPRF2        CHGUSRPRF2              CHGUSRPRF2 *CMD     2
                                                  TAASEDHC   *PGM

        TAACHKUSRG        CHKUSRGRP               CHKUSRGRP  *CMD     2
                                                  TAASELCC   *PGM

        TAACLNTEMP        CLNTAATEMP              CLNTAATEMP *CMD     6
                                                  TAATMPBC   *PGM
                                          5       TAATMPBC2  *PGM
                                                  TAATMPBC3  *PGM
                                                  TAATMPBC9  *PGM
                                                  TAATMPBR   *PGM

        TAACPYUSR2        CPYUSRPRF2              CPYUSRPRF2 *CMD     3
                                                  TAASEDRC   *PGM
                                                  TAASEDRC2  *PGM

        TAACVTIFS         CVTIFS                  CVTIFS     *CMD    12
                                                  TAAIFSAC   *PGM
                                                  TAAIFSAC2  *PGM
                                                  TAAIFSAR   *PGM
                                                  DLTIFS     *CMD
                                                  DLTIFS2    *CMD
                                                  TAAIFSQC   *PGM
                                                  TAAIFSQC2  *PGM
                                                  TAAIFSQC3  *PGM
                                                  TAAIFSQC4  *PGM
                                                  TAAIFSQR   *PGM
                                                  TAAIFSQR2  *PGM

        TAACVTLIBD        CVTLIBDBF      11                           0

        TAACVTQHST        CVTQHST                 CVTQHST    *CMD    22
                                                  TAAHSTAC   *PGM
                                                  TAAHSTAR   *PGM
                          DSPQHST2                CVTQHST2   *CMD
                                                  DSPQHST2   *CMD
                                                  MTNQHST2   *CMD
                                                  TAAHSTEC   *PGM
                                                  TAAHSTEC2  *PGM
                                                  TAAHSTEC3  *PGM
                                                  TAAHSTEC5  *PGM
                                                  TAAHSTEC6  *PGM
                                                  TAAHSTEC7  *PGM
                                                  TAAHSTEC8  *PGM
                                                  TAAHSTEC9  *PGM
                                                  TAAHSTEC13 *PGM
                                                  TAAHSTER   *PGM
                                                  TAAHSTER3  *PGM
                          DLTJOBLOG               DLTJOBLOG  *CMD
                                                  TAALOGFC   *PGM
                                                  TAALOGFC2  *PGM
                          PRTJOBSUM               PRTJOBSUM  *CMD
                                                  TAAJOCXC   *PGM

        TAACVTSPLF        CVTFRMSPLF              CVTFRMSPLF *CMD     2
                                                  TAASPMEC2  *PGM

        TAADLTQHST        DLTQHST                 DLTQHST    *CMD     2
                                                  TAAHSTBC   *PGM

        TAADLTUSR2        DLTUSRPRF2              DLTUSRPRF  *CMD     2
                                                  TAASEDTC   *PGM

        TAADPTSEC         SECOFR2         3

        TAADSAPRF         DSAUSRPRF               DSAUSRPRF  *CMD     2
                                                  TAASEDFC   *PGM

        TAADSPADP         DSPADP          1       DSPCLSA    *CMD    34
                                                  DSPCMDA    *CMD
                                                  DSPDBRA    *CMD
                                                  DSPFDA     *CMD
                                                  DSPFFDA    *CMD
                                                  DSPJOBDA   *CMD
                                                  DSPLIBA    *CMD
                                                  DSPOBJAUTA *CMD
                                                  DSPOBJDA   *CMD
                                                  DSPPGMA    *CMD
                                                  DSPPGMADPA *CMD
                                                  DSPPGMREFA *CMD
                                                  DSPSAVFA   *CMD
                                                  DSPSBSDA   *CMD
                                                  DSPUSRPRFA *CMD
                                                  TAAADPAC   *PGM
                                                  TAAADPAC2  *PGM
                                                  TAAADPAC3  *PGM
                                                  TAAADPAC4  *PGM
                                                  TAAADPAC5  *PGM
                                                  TAAADPAC6  *PGM
                                                  TAAADPAC7  *PGM
                                                  TAAADPAC8  *PGM
                                                  TAAADPAC9  *PGM
                                                  TAAADPAC10 *PGM
                                                  TAAADPAC11 *PGM
                                                  TAAADPAC12 *PGM
                                                  TAAADPAC13 *PGM
                                                  TAAADPAC14 *PGM
                                                  TAAADPAC15 *PGM
                                                  TAAADPAC22 *PGM
                          CVTLIBCNT               CVTLIBCNT  *CMD
                                                  TAALICEC   *PGM
                                                  TAALICEC11 *PGM
                          PRTLIBCNT               PRTLIBCNT  *CMD
                                                  TAALICFC   *PGM
                          PRTSAVCNT               PRTSAVCNT  *CMD
                                                  TAASAVSC   *PGM

        TAADSPJLG         DSPALLJLG               None                0

        TAADSPOBJ4        DSPOBJD4                None                0

        TAADSPUSR2        DSPUSRPRF2              DSPUSRPRF2 *CMD     4
                                                  TAASEDCC   *PGM
                                                  TAASEDCC2  *PGM
                                                  TAASEDCC3  *PGM

        TAADSTPWD2        CHGDSTPWD2              CHGDSTPWD2 *CMD     2
                                                  TAASEFWC   *PGM

        TAADUPSPLF        DUPSPLF                 DUPSPLF    *CMD     2
                                                  TAASPLDC   *PGM

        TAAEDTDBF         EDTDBF          9                           0

        TAAENAUSR         ENAUSRPRF               ENAUSRPRF  *CMD     2
                                                  TAASECLC   *PGM

        TAAINSTALL        Install         2       TAATOLUC   *PGM     3
                                                  TAATOLUC2  *PGM
                                                  TAATOLUC3  *PGM

        TAAINZPWD         INZPWD                  INZPWD     *CMD     8
                                                  INZPWD2    *CMD
                                                  TAASECXC   *PGM
                                                  TAASECXC2  *PGM
                                                  TAASECXC4  *PGM
                                                  TAASECXC5  *PGM
                                                  TAASECXR   *PGM
                                                  TAASECXR4  *PGM

        TAAJOBACG         JOBACG                  CVTJOBACG  *CMD    14
                                                  CVTJOBACG2 *CMD
                                                  ANZJOBACG  *CMD
                                                  TAAACGBC2  *PGM
                                                  TAAACGBC7  *PGM
                                                  TAAACGBR2  *PGM
                          PRTACG                  CVTPRTACG  *CMD
                                                  CVTPRTACG2 *CMD
                                                  TAAACGEC2  *PGM
                                                  TAAACGEC7  *PGM
                          CVTJOBACG3              CVTJOBACG3 *CMD
                                                  TAAACGDC   *PGM
                                                  TAAACGDR   *PGM
                                                  TAAACGDR11 *PGM

        TAAJOBCTL         EXCJOBCTL      10       EXCJOBCTL  *CMD     2
                                                  TAAJOCIC   *PGM

        TAAJOBSCDE        RTVJOBSCDE              RTVJOBSCDE *CMD     8
                                                  TAAJBSAC   *PGM
                          CVTJOBSCDE              CVTJOBSCDE *CMD
                                                  TAAJBSBC   *PGM
                          ADDJOBSCD2              ADDJOBSCD2 *CMD
                                                  TAAJBSCC   *PGM
                          CPYJOBSCDE              CVTJOBSCDE *CMD
                                                  TAAJBSDC   *PGM
                          DSPJOBSCDR              DSPJOBSCDR *CMD

        TAAJOBTALK        JOBTALK                 SNDJOBTALK *CMD     2
                                                  TAAJOCKC4  *PGM

        TAAMTNJRN         MTNALLJRN               MTNALLJRN  *CMD     2
                                                  TAAJROJC   *PGM

        TAAPRDLIB         CHGPRDLIB               CHGPRDLIB  *CMD     2
                                                  TAALIBNC   *PGM

        TAARCLSTG2        RCLSTG2                 RCLSTG2    *CMD     4
                                                  TAARCLAC   *PGM
                          RCLSTGBCH               RCLSTGBCH  *CMD
                                                  TAARCLBC   *PGM

        TAARSTALLC        RSTALLCHG               RSTALLCHG  *CMD     8
                                                  RSTALLLIB  *CMD
                                                  RSTMNYCHG  *CMD
                                                  RSTMNYLIB  *CMD
                                                  TAARSTAC   *PGM
                                                  TAARSTDC   *PGM
                                                  TAARSTFC   *PGM
                                                  TAARSTIC   *PGM

        TAARSTANYL        RSTANYLIB               RSTANYLIB  *CMD     2
                                                  TAARSTBC   *PGM

        TAARSTFIL         RSTFIL                  RSTFIL     *CMD     2
                                                  TAARSTCC   *PGM

        TAARTVUSR2        RTVUSRPRF2              RTVUSRPRF2 *CMD     2
                                                  TAASEDLC   *PGM

        TAASAVALLC        SAVALLCHG               SAVALLCHG  *CMD     9
                                                  SAVALLCHG2 *CMD
                                                  SAVALLSAVF *CMD
                                                  TAASAVCC   *PGM
                                                  TAASAVCC2  *PGM
                                                  TAASAVCC3  *PGM
                                                  TAASAVCC4  *PGM
                          SAVCHG23                SAVCHG23   *CMD
                                                  TAASAVWC   *PGM

        TAASBMJOB2        SBMJOB2                 SBMJOB2    *CMD     1

        TAASBMJOB3        SBMJOB2                 SBMJOB3    *CMD     1

        TAASECOFR2        SECOFR2         7                           0

        TAASECRVW         DSPSECRVW               DSPSECRVW  *CMD     3
                                                  TAASECKC   *PGM
                                                  TAASECKR   *PGM

        TAASNDBRK         SNDUSRBRK               SNDUSRBRK2 *CMD     1

        TAASNDGRP         SNDGRPPRF               SNDGRPPRF  *CMD     4
                                                  TAAMSHDC   *PGM
                                                  TAAMSHDC9  *PGM
                                                  TAAMSHDR   *PGM

        TAASNDUSG         SNDUSGMSG               SNDUSGMSG  *CMD     2
                                                  TAAMSHEC   *PGM

        TAASPLDST         SPLDST                  DUPSPLDST  *CMD     4
                                                  TAASPLXC4  *PGM
                                                  TAASPLXC14 *PGM
                                                  TAASPLXR   *PGM

        TAASRCACC         TAAARC          4       CPYTAA     *CMD     8
                                                  CPYTAA2    *CMD
                                                  CPYTAAALL  *CMD
                                                  SCNTAA     *CMD
                                                  TAAARCAC2  *PGM
                                                  TAAARCAC7  *PGM
                                                  TAAARCAC8  *PGM
                                                  TAAARCAC32 *PGM

        TAAVRYCFG         VRYCFG2                 VRYCFG2    *CMD     2
                                                  TAACFGEC   *PGM

        TAAVRYCFGO        VRYCFGOFF               VRYCFGOFF  *CMD     2
                                                  TAACFGGC   *PGM


1.  Several other tools use one of the DSPxxxA commands. For example,
    PRTDBFEXP uses DSPOBJDA to allow a user to execute over any or all
    libraries if he is authorized to TAADSPADP. See the discussion
    with DSPADP.

2.  The initial installation must be done by a user with *ALLOBJ
    special authority. Any subsequent installs can be done by any user
    who is authorized to the TAAINSTALL authorization list. See the
    information member 'Installing as a Non-QSECOFR' on the HELPTAA

3.  The TAADPTSEC authorization list is optional. If you want
    Departmental Security Officers, use the CRTDPTSEC command of the
    SECOFR2 tool to create the authorization list. If TAADPTSEC
    exists, the options on the SECOFR2 menu check for the existence of
    the authorization list and only allow the user profiles to be
    managed if the user has all authority to the user profile . See
    the discussion with the SECOFR2 tool.

4.  The TAASRCACC authorization list is used for TAA Archive functions
    involving source. You must have *USE authority to display, copy,
    or scan any program source in the archive.

5.  The TAATMPBC2 program is optional and may not exist.

6.  *USE authority to the TAAALLSPLF authorization list is checked
    within the TAASPMMR and TAASPMSR programs if a user other than
    *CURRENT is specified.

7.  *CHANGE authority to TAASECOFR2 is required to display the SECOFR2
    menu without prompting for the current password. *USE authority
    requires entering the current password. The authorization list is
    shipped as *CHANGE.

8.  *USE authority to TAAJOBACG is required to convert journal entries
    for either JOBACG or PRTACG.

9.  If the user is not the owner of the file, he must be authorized to
    TAAEDTDBF. No objects are controlled by the authorization list.

10. The TAAJOBCTL authorization list is also used by the DSPJOB3 tool,
    but no objects in the tool are authorized to TAAJOBCTL. The
    program checks internally for authorization.

11. The TAACVTLIBD authorization list is used to allow access to
    CVTLIBDBF for library special values such as *ALL. No objects are
    authorized to the list. The TAADBHCC program adopts.

To authorize a user to a tool which is controlled by an authorization
list, you need to specify *USE authority. You may use EDTAUTL and
operate from the interactive display or the following command:

    ADDAUTLE AUTL(xxxxx) USER(xxx) AUT(*USE)

The objects that use an authorization list are created so that the
*PUBLIC user accesses their authority from the authorization list. The
authorization lists are created with the *PUBLIC being *EXCLUDE. This
allows a simple change to the authorization list if you want the tool
to be usable by *PUBLIC.

Copyright TAA Tools, Inc. 1995, 2020

Added to TAA Productivity tools April 1, 1995

Home Page Up to Top