ACCSECLIB -- Access Secure Library

ACCSECLIB ACCESS SECURE LIBRARY TAASECB
In some environments, it is desirable to keep the application programmers from changing anything in the production libraries. However, these same programmers may have a valid need to be able to display anything, copy data or create duplicate objects from the production library. The Access Secure Library command (ACCSECLIB) is designed to allow this to occur. A typical command to display job description JOBD4 would be entered as: ACCSECLIB LIB(PRODUCTION) CMD(DSPJOBD) OBJ(JOBD4) The user would see the prompt for the DSPJOBD command and the JOBD parameter would be protected (it cannot be changed). ACCSECLIB is created by QSECOFR and operates under his authority. Before the command can be used, QSECOFR must modify the data area ACCSECLIB in TAASECURE to describe the valid libraries. The EDTCONARR command (part of the CONARR Tool) must be used: EDTCONARR DTAARA(TAASECURE/ACCSECLIB) The ACCSECLIB and CPP are controlled by the TAAACCSECL authorization list. A user must have USE authority to this list to use the ACCSECLIB command. See the implementation instructions. Some commands support an outfile. To use this function, the user must specify the OUTFILE parameter such as: ACCSECLIB LIB(PRODUCTION) CMD(DSPFD) OBJ(ALL) OUTFILE(xxx) The DSPFD prompt will appear with the OUTPUT and OUTFILE parameters protected. The library for the outfile will always be the current library which must exist to use the outfile function. For CPYF and CRTDUPOBJ, the TO library is always the current library (a current library must exist). For Copy file, a typical command to copy FILEX to the users current library would be: ACCSECLIB LIB(PRODUCTION) CMD(CPYF) OBJ(FILEX) The user would see the prompt for the CPYF command with the FROMFILE and TOFILE parameters protected. Other parameters (e.g. CRTFILE) could be entered. For CRTDUPOBJ, a typical command to duplicate FILEX to the users current library would be: ACCSECLIB LIB(PRODUCTION) CMD(CRTDUPOBJ) OBJ(FILEX) The user would see the prompt for the CRTDUPOBJ command with the OBJ, FROMLIB and TOLIB parameters protected. Other parameters (e.g. DATA) could be entered. The command assumes that the normal DSP commands will be used. The list can be tailored. In addition, if you have user written DSP commands, they can also be added to the program. Command parameters CMD ------------------ LIB The library to be accessed. The valid names must be entered into the program before it can be used. CMD The command to be executed. OBJ The object to be used in the command. If CPYF is specified, this is the name of the FROMFILE. Some commands support a generic name or ALL. These entries may be made if the command supports them. TOFILE The TOFILE to be used if CPYF is specified for the command. The default is FROMFILE. OUTFILE The default is NONE. An outfile name may be entered if supported by the DSP command specified (e.g. DSPFD). Prerequisites ------------- The following TAA Tools must be on your system: CONARR Constant array Implementation -------------- Before the tool can be used in production, you must do the following as a user with ALLOBJ authority. * Specify the valid libraries with the EDTCONARR command: EDTCONARR DTAARA(TAASECURE/ACCSECLIB) When the edit display appears, you should add your own libraries. ** The command and CPP are authorized to the TAAACCSECL authorization list. A user must have USE authority to the list to use ACCSECLIB. You may use EDTAUTL for an edit display or add the user with: ADDAUTLE AUTL(TAAACCSECL) USER(xxx) AUT(USE) If you want to alter the list of the valid DSP commands that can be used, see the discussion of how to modify any tool with the CRTTAASRCF tool. Testing ------- As a suggestion for testing, a user with ALLOBJ authority can place the library name QGPL into the data area. This will allow other users to try the ACCSECLIB using a library that is normally available to the PUBLIC. Objects used by the tool ------------------------ Object Type Attribute Src member Src file ------ ----- --------- ---------- ----------- ACCSECLIB CMD TAASECB QATTCMD TAASECBC PGM CLP TAASECBC QATTCL

ACCSECLIB      ACCESS SECURE LIBRARY                      TAASECB


In  some  environments,  it  is  desirable   to  keep  the  application
programmers  from  changing   anything  in  the  production  libraries.
However,  these same programmers  may have a  valid need to  be able to
display anything,  copy  data  or  create duplicate  objects  from  the
production library.

The  Access Secure  Library command  (ACCSECLIB) is  designed  to allow
this  to occur.   A  typical command to  display job  description JOBD4
would be entered as:

     ACCSECLIB    LIB(PRODUCTION) CMD(DSPJOBD) OBJ(JOBD4)

The user would  see the  prompt for  the DSPJOBD command  and the  JOBD
parameter would be protected (it cannot be changed).

ACCSECLIB  is created  by  QSECOFR and  operates  under his  authority.
Before  the command  can be  used,  QSECOFR must  modify the  data area
ACCSECLIB  in  TAASECURE  to  describe   the  valid  libraries.     The
EDTCONARR command (part of the CONARR Tool) must be used:

           EDTCONARR   DTAARA(TAASECURE/ACCSECLIB)

The ACCSECLIB  and CPP are  controlled by the  TAAACCSECL authorization
list.    A user  must  have *USE  authority  to this  list  to use  the
ACCSECLIB command.  See the implementation instructions.

Some  commands  support an  outfile.   To use  this function,  the user
must specify the OUTFILE parameter such as:

     ACCSECLIB    LIB(PRODUCTION) CMD(DSPFD) OBJ(*ALL) OUTFILE(xxx)

The DSPFD  prompt will appear  with the  OUTPUT and OUTFILE  parameters
protected.   The library  for the  outfile will  always be  the current
library which must exist to use the outfile function.

For  CPYF and CRTDUPOBJ, the  TO library is always  the current library
(a current library must exist).

For Copy file,  a typical command  to copy FILEX  to the users  current
library would be:

     ACCSECLIB    LIB(PRODUCTION) CMD(CPYF) OBJ(FILEX)

The user would  see the prompt for  the CPYF command with  the FROMFILE
and  TOFILE parameters  protected.   Other  parameters (e.g.   CRTFILE)
could be entered.

For CRTDUPOBJ,  a  typical command  to  duplicate FILEX  to  the  users
current library would be:

     ACCSECLIB    LIB(PRODUCTION) CMD(CRTDUPOBJ) OBJ(FILEX)

The user would see  the prompt for the CRTDUPOBJ command  with the OBJ,
FROMLIB  and  TOLIB  parameters  protected.    Other  parameters  (e.g.
DATA) could be entered.

The  command assumes that  the normal DSP  commands will be  used.  The
list can  be tailored.    In addition,  if you  have  user written  DSP
commands, they can also be added to the program.

Command parameters                                    *CMD
------------------

   LIB           The library to  be accessed.  The valid  names must be
                 entered into the program before it can be used.

   CMD           The command to be executed.

   OBJ           The  object to  be used  in the command.   If  CPYF is
                 specified, this is  the name  of the  FROMFILE.   Some
                 commands  support  a  generic  name or  *ALL.    These
                 entries may be made if the command supports them.

   TOFILE        The  TOFILE to be  used if  CPYF is specified  for the
                 command.  The default is *FROMFILE.

   OUTFILE       The  default  is  *NONE.    An  outfile  name  may  be
                 entered  if supported  by  the DSP  command  specified
                 (e.g.  DSPFD).

Prerequisites
-------------

The following TAA Tools must be on your system:

     CONARR       Constant array

Implementation
--------------

Before the  tool can be used  in production, you must  do the following
as a user with *ALLOBJ authority.

  **   Specify the valid libraries with the EDTCONARR command:

              EDTCONARR   DTAARA(TAASECURE/ACCSECLIB)

When the edit display appears, you should add your own libraries.

  **   The   command  and   CPP  are   authorized  to   the  TAAACCSECL
       authorization list.   A  user must  have *USE  authority to  the
       list  to  use  ACCSECLIB.   You  may  use  EDTAUTL for  an  edit
       display or add the user with:

              ADDAUTLE   AUTL(TAAACCSECL) USER(xxx) AUT(*USE)

If  you want to alter  the list of  the valid DSP  commands that can be
used,  see  the  discussion  of  how  to  modify  any  tool   with  the
CRTTAASRCF tool.

Testing
-------

As a  suggestion for testing, a  user with *ALLOBJ authority  can place
the  library name  QGPL  into the  data area.   This  will  allow other
users to try the ACCSECLIB using  a library that is normally  available
to the *PUBLIC.

Objects used by the tool
------------------------

   Object        Type       Attribute      Src member     Src file
   ------        -----      ---------      ----------     -----------

   ACCSECLIB     *CMD                      TAASECB        QATTCMD
   TAASECBC      *PGM          CLP         TAASECBC       QATTCL

Added to TAA Productivity tools April 1, 1995

Home Page

Up to Top