ADPMBR -- Adopt Member

ADPMBR ADOPT MEMBER TAAMBRJ
The Adopt Member tool provides a solution for allowing end users (when using programs) to perform the typical member functions (add, remove, and clear) on files regardless of how the files are authorized. Three commands are provided: ADDPFMADP - Same as ADDPFM CLRPFMADP - Same as CLRPFM RMVMADP - Same as RMVM The commands all adopt an owner who has ALLOBJ special authority. Each of the commands checks the specified file to ensure that it exists in the ADPMBR data area in TAASECURE. If the file is defined, the function is performed. If the file does is not defined, an escape message is issued. The Security Officer defines which files are valid by using the EDTCONARR TAA Tool command on the ADPMBR data area in TAASECURE. Normal security of files ------------------------ When a file is created, the default action allows a user to add, delete, or change records in an existing member. However, the default security does not allow a typical end user to add, clear, or remove a member. Any of these functions requires the OBJMGT right. If the application requires the user to add, clear, or remove a member, there are several solutions: ** Give the OBJMGT right for each file required to all users of the application * Use a program that adopts authority ** Grant ALLOBJ authority to the users None of these solutions is ideal. The ADPMBR tool provides an alternative solution which provides several advantages. ADPMBR Advantages ----------------- * The file authorization does not need to change from the default used on the Create command. This prevents any user from specifying one of the 3 system member commands (ADDPFM, CLRPFM, RMVM) unless he is the owner or has ALLOBJ authority. * The 3 commands provided by the tool can only be used in a program (they are arbitrarily restricted so that they cannot be used from a command entry display). This prevents the casual use by an end user (it is possible for an end user to directly call one the CPPs provided if the proper parameter list is passed). The Security Officer decides what files are valid to be used by the 3 commands provided by the tool. The naming of a file can be done at any time (the file does not have to be closed to make an authorization change). The tool provides commands that are similar to the 3 system commands (all the same parameters and options exist). Security Officer actions ------------------------ The data area ADPMBR exists in TAASECURE and is shipped with a sample entry. The Security Officer enters the file names (and qualified library) that are valid to be used by the 3 commands provided by the ADPMBR tool. The ADPMBR data area is maintained with the EDTCONARR TAA command (part of the CONARR TAA Tool): EDTCONARR DTAARA(TAASECURE/ADPMBR) When the edit display appears, a 20 character value should be entered with the file name in the first 10 bytes and the library in the second 10 bytes. Up to 45 files may be entered. It is possible to use the special values LIBL or CURLIB as the library qualifier. In fact, either function may be helpful to allow the same file to exist in different libraries and be controlled by the users library list. All 3 of the commands provided by the tool default the library qualifier to LIBL. Thus if ADDPFMADP is specified as: ADDPFMADP FILE(FILEX) MBR(MBR1) ADDPFMADP will search the ADPMBR data area for the file named: 'FILEX LIBL ' If the file is not defined in the data area, an escape message is sent. It is possible to enter the same file name using both a qualified name and the special values. Thus the ADPMBR data area might contain values such as: 'FILEX LIBL ' 'FILEX CURLIB ' 'FILEX LIB1 ' 'FILEY LIB2 ' The only significant requirement is that the entry in the data area must match exactly what is specified on the commands provided by the tool. Note that you must provide a library value in the ADPMBR data area (a blank value will not allow any of the 3 tool commands to operate properly). When the Security Officer has defined a file, he can then inform the programmers that they may use the 3 tool commands in their application programs for that file. Example ------- Assume the application needs to allow end users to add, remove, or clear a member during a program. The file is created with the normal security defaults (meaning the OBJMGT right is restricted to the owner or a user with ALLOBJ authority). The Security Officer uses EDTCONARR as described previously to enter the file name into the ADPMBR data area in TAASECURE. The value appears as: 'WRKFILE LIBL ' The programmers may now use any of the 3 tool commands in their programs: ADDPFMADP FILE(WRKFILE) MBR(MBRX) . . CLRPFMADP FILE(WRKFILE) MBR(MBRX) . . RMVMADP FILE(WRKFILE) MBR(MBRX) Escape messages you may monitor for ----------------------------------- The following special TAA messages are provided: TAA9896 The file name does not exist in the ADPMBR data area TAA9893 The file name exists in the ADPMBR data area, but the actual file cannot be found. An internal CHKOBJ command is used to determine if the file exists. TAA9897 Used by ADDPFMADP when the member already exists in the file. TAA9895 Used by CLRPFMADP and RMVMADP when the member does not exist in the file. System escape messages may also occur such as if the member is allocated and cannot be cleared. These are the normal escape messages sent by the system commands that will be resent to your program. ADDPFMADP Command parameters CMD ---------------------------- FILE The qualified file name. The library value defaults to LIBL. CURLIB may also be specified. MBR The member to be added. TEXT The member text to be used. The default is BLANK. EXPDATE The member expiration date. The default is NONE. SHARE Whether the open data path is to be opened shared. This is a YES/NO value that defaults to NO. SRCTYPE The source type if a source file is used. The default is NONE. CLRPFMADP Command parameters CMD ---------------------------- FILE The qualified file name. The library value defaults to LIBL. CURLIB may also be specified. MBR The member to be cleared. The default is FIRST. The special value LAST may also be used. RMVMADP Command parameters CMD -------------------------- FILE The qualified file name. The library value defaults to LIBL. CURLIB may also be specified. MBR The member to be removed. A generic name or the special value ALL may also be entered. Restrictions ------------ The CONARR tool allows up to 45 files to be described. Prerequisites ------------- The following TAA Tools must be on your system: CONARR Constant array Implementation -------------- The tool is ready to use, but the Security Officer must first make entries into the ADPMBR data area in TAASECURE using EDTCONARR to define the valid files (see previous discussion). Objects used by the tool ------------------------ Object Type Attribute Src member Src file ------ ---- --------- ---------- ---------- ADDPFMADP CMD TAAMBRJ QATTCMD CLRPFMADP CMD TAAMBRJ2 QATTCMD RMVMADP CMD TAAMBRJ3 QATTCMD TAAMBRJC PGM CLP TAAMBRJC QATTCL TAAMBRJC2 PGM CLP TAAMBRJC2 QATTCL TAAMBRJC3 *PGM CLP TAAMBRJC3 QATTCL Structure --------- ADDPFMADP Cmd TAAMBRJC CL pgm CLRPFMADP Cmd TAAMBRJC2 CL pgm RMVMADP Cmd TAAMBRJC3 CL pgm

ADPMBR          ADOPT MEMBER                           TAAMBRJ


The  Adopt Member  tool  provides a  solution  for allowing  end  users
(when  using programs) to  perform the  typical member  functions (add,
remove,   and  clear)  on  files  regardless   of  how  the  files  are
authorized.  Three commands are provided:

          ADDPFMADP    - Same as ADDPFM
          CLRPFMADP    - Same as CLRPFM
          RMVMADP      - Same as RMVM

The commands  all adopt  an owner  who has  *ALLOBJ special  authority.
Each  of the  commands  checks the  specified  file to  ensure that  it
exists in  the ADPMBR data area in TAASECURE.   If the file is defined,
the function  is  performed.   If  the file  does  is not  defined,  an
escape message is issued.

The  Security  Officer defines  which  files  are  valid by  using  the
EDTCONARR TAA Tool command on the ADPMBR data area in TAASECURE.

Normal security of files
------------------------

When  a file  is  created, the  default action  allows a  user  to add,
delete, or change records in an existing member.

However, the default  security does  not allow  a typical  end user  to
add, clear, or  remove a member.   Any of these functions  requires the
*OBJMGT right.

If  the  application requires  the  user  to add,  clear,  or remove  a
member, there are several solutions:

  **   Give  the *OBJMGT right  for each file required  to all users of
       the application

  **   Use a program that adopts authority

  **   Grant *ALLOBJ authority to the users

None  of these  solutions  is  ideal.    The ADPMBR  tool  provides  an
alternative solution which provides several advantages.

ADPMBR Advantages
-----------------

  **   The  file  authorization  does  not  need  to  change  from  the
       default  used on  the Create  command.   This prevents  any user
       from specifying one  of the  3 system  member commands  (ADDPFM,
       CLRPFM, RMVM) unless  he is the owner or  has *ALLOBJ authority.

  **   The  3 commands  provided  by the  tool can  only be  used  in a
       program (they  are arbitrarily  restricted so  that they  cannot
       be  used from  a  command entry  display).   This  prevents  the
       casual use  by an end  user (it is  possible for an  end user to
       directly  call  one the  CPPs provided  if the  proper parameter
       list is passed).

  **   The Security  Officer decides what  files are  valid to be  used
       by the  3 commands provided by the  tool.  The naming  of a file
       can  be done at  any time (the  file does not have  to be closed
       to make an authorization change).

  **   The tool  provides commands  that are  similar to  the 3  system
       commands (all the same parameters and options exist).

Security Officer actions
------------------------

The data area ADPMBR  exists in TAASECURE and is  shipped with a sample
entry.   The  Security  Officer enters  the file  names  (and qualified
library) that are valid to  be used by the  3 commands provided by  the
ADPMBR tool.   The ADPMBR  data area is  maintained with the  EDTCONARR
TAA command (part of the CONARR TAA Tool):

        EDTCONARR    DTAARA(TAASECURE/ADPMBR)

When the  edit display appears, a 20 character  value should be entered
with  the  file name  in  the first  10 bytes  and  the library  in the
second 10 bytes.

Up to 45 files may be entered.

It is  possible  to use  the special  values *LIBL  or  *CURLIB as  the
library qualifier.   In fact, either  function may be helpful  to allow
the  same file  to exist  in different libraries  and be  controlled by
the users library  list.  All 3  of the commands  provided by the  tool
default  the  library  qualifier  to  *LIBL.    Thus  if  ADDPFMADP  is
specified as:

      ADDPFMADP    FILE(FILEX) MBR(MBR1)

ADDPFMADP will search the ADPMBR data area for the file named:

         'FILEX     *LIBL     '

If  the file  is not  defined in the  data area,  an escape  message is
sent.

It is  possible to  enter the  same file  name using  both a  qualified
name and the special  values.  Thus the ADPMBR data  area might contain
values such as:

           'FILEX     *LIBL     '
           'FILEX     *CURLIB   '
           'FILEX     LIB1      '
           'FILEY     LIB2      '

The  only significant requirement  is that the  entry in the  data area
must  match exactly what  is specified on the  commands provided by the
tool.  Note that  you must provide a  library value in the ADPMBR  data
area  (a blank  value will  not allow  any of  the 3  tool  commands to
operate properly).

When  the Security Officer has  defined a file, he  can then inform the
programmers  that  they   may  use  the  3   tool  commands  in   their
application programs for that file.

Example
-------

Assume the  application needs  to allow  end users  to add, remove,  or
clear a  member during a program.  The file  is created with the normal
security defaults  (meaning  the *OBJMGT  right  is restricted  to  the
owner or a user with *ALLOBJ authority).

The Security  Officer uses EDTCONARR  as described previously  to enter
the  file name  into the  ADPMBR  data area  in TAASECURE.    The value
appears as:

           'WRKFILE   *LIBL     '

The  programmers  may now  use  any of  the  3 tool  commands  in their
programs:

         ADDPFMADP    FILE(WRKFILE) MBR(MBRX)
            .
            .
         CLRPFMADP    FILE(WRKFILE) MBR(MBRX)
            .
            .
         RMVMADP      FILE(WRKFILE) MBR(MBRX)

Escape messages you may monitor for
-----------------------------------

The following special TAA messages are provided:

   TAA9896       The file name does not exist in the ADPMBR data area

   TAA9893       The file  name exists  in  the ADPMBR  data area,  but
                 the actual  file cannot be found.   An internal CHKOBJ
                 command is used to determine if the file exists.

   TAA9897       Used  by ADDPFMADP when  the member  already exists in
                 the file.

   TAA9895       Used by  CLRPFMADP and  RMVMADP when  the member  does
                 not exist in the file.

System  escape  messages may  also  occur  such  as  if the  member  is
allocated  and  cannot  be  cleared.    These  are  the  normal  escape
messages sent  by the  system  commands that  will  be resent  to  your
program.

ADDPFMADP Command parameters                          *CMD
----------------------------

   FILE          The qualified file  name.  The library  value defaults
                 to *LIBL.  *CURLIB may also be specified.

   MBR           The member to be added.

   TEXT          The member  text to be  used.  The  default is *BLANK.

   EXPDATE       The member expiration date.  The default is *NONE.

   SHARE         Whether  the open  data path  is to  be opened shared.
                 This is a *YES/*NO value that defaults to *NO.

   SRCTYPE       The  source type  if  a  source  file is  used.    The
                 default is *NONE.

CLRPFMADP Command parameters                          *CMD
----------------------------

   FILE          The qualified  file name.  The  library value defaults
                 to *LIBL.  *CURLIB may also be specified.

   MBR           The  member to  be  cleared.   The default  is *FIRST.
                 The special value *LAST may also be used.

RMVMADP Command parameters                            *CMD
--------------------------

   FILE          The qualified file name.   The library value  defaults
                 to *LIBL.  *CURLIB may also be specified.

   MBR           The  member to  be removed.    A generic  name or  the
                 special value *ALL may also be entered.

Restrictions
------------

The CONARR tool allows up to 45 files to be described.

Prerequisites
-------------

The following TAA Tools must be on your system:

     CONARR       Constant array

Implementation
--------------

The  tool is  ready to use,  but the  Security Officer must  first make
entries into  the ADPMBR  data  area in  TAASECURE using  EDTCONARR  to
define the valid files (see previous discussion).

Objects used by the tool
------------------------

   Object        Type    Attribute      Src member    Src file
   ------        ----    ---------      ----------    ----------

   ADDPFMADP     *CMD                   TAAMBRJ       QATTCMD
   CLRPFMADP     *CMD                   TAAMBRJ2      QATTCMD
   RMVMADP       *CMD                   TAAMBRJ3      QATTCMD
   TAAMBRJC      *PGM       CLP         TAAMBRJC      QATTCL
   TAAMBRJC2     *PGM       CLP         TAAMBRJC2     QATTCL
   TAAMBRJC3     *PGM       CLP         TAAMBRJC3     QATTCL

Structure
---------

ADDPFMADP   Cmd
   TAAMBRJC   CL pgm

CLRPFMADP   Cmd
   TAAMBRJC2  CL pgm

RMVMADP     Cmd
   TAAMBRJC3  CL pgm

Added to TAA Productivity tools May 1, 1996

Home Page

Up to Top