TAA Tools

The Change  Authority 2  command is a  simple front  end to  the system
CHGAUT command  that operates only  on objects in a  library.  Multiple
users  may be  specified, but not  all CHGAUT  functions are supported.
Unlike GRT/RVKOBJAUT,  there are  no  low level  messages that  clutter
the job log and cannot be removed.

You must have *OBJMGT authority to the object being changed.

A  typical command  to provide  *USE authority  for user  JONES  to the
program object PGMA would be:

              CHGAUT2  OBJ(PGMA) OBJTYPE(*PGM)
                         USER(JONES) AUT(*USE)

CHGAUT2 always removes any existing authorities first.

More complex authorization can be specified such as:

              CHGAUT2  OBJ(PGMA) OBJTYPE(*PGM)
                         USER(JONES) AUT(*OBJMGT *OBJALTER
                         *READ *EXECUTE)

Because  the CHGAUT  command  (executed internally)  uses only  the AUT
special values *RWX, *W, *RX etc),  any use of the 'W' function  causes
all the object security functions of *ADD, *UPD, and *DLT.

Differences with CHGAUT

  **   CHGAUT  provides   the  normal  IFS  OBJ   parameter  interface.
       CHGAUT2 provides the normal obj/lib interface.

  **   CHGAUT   provides   for  both   data   authorities   and  object
       authorities.   CHGAUT2 provides  a  single AUT  parameter  which
       provides a similar function to GRT/RVKOBJAUT.

  **   CHGAUT provides  for changes  to the  Authorization List  (AUTL)
       of  the object.   CHGAUT2 does  not (see the  CHGOBJAUTL command
       for this function).

  **   CHGAUT   can  change   multiple  objects   within  a  directory.
       CHGAUT2 does not have a similar function.

  **   CHGAUT2  provides better  feedback  on  some errors  and  for  a
       normal completion.

Processing of AUT options

CHGAUT2  always   removes  any  existing  authorities   for  the  named
user(s).   No error occurs if  the user has no  authority.  This avoids
some unique problems  where CHGAUT only  adds the requested  authority.

CHGAUT2 does  not provide  for the  *OBJOPR AUT  value.   The value  is
implicitly applied  by the system for such  functions as *CHANGE, *USE,
or *READ.

The single  AUT  values  such  as *CHANGE  or  *ALL  provide  the  same
function as the same value on GRTOBJAUT.

The object  authorities such as  *OBJMGT and  *OBJREF provide the  same
function as the same value on GRTOBJAUT.

Since  CHGAUT allows only  the data authorities  of *RWX, *W,  *RX etc,
these must be mapped to the obj/lib values of *READ, *UPD, etc.

  **   The  'R' and  'X' values  are straightforward  in that  they are
       mapped to the *READ and *EXECUTE values.

  **   The 'W' function  is specified  as *ADD, *UPD,  *DLT.  There  is
       no method using  CHGAUT2 to specify just one  of the *ADD, *UPD,
       *DLT values.

As  with  GRTOBJAUT,  specifying  *READ and  *EXECUTE  is  the  same as
specifying *USE and the value *USE will appear on EDT/DSPOBJAUT.

Similarly, specifying  *READ, *ADD,  *UPD, *DLT,  and  *EXECUTE is  the
same  as  specifying *CHANGE  and  the  value  *CHANGE will  appear  on

CHGAUT2 escape messages you can monitor for

None.  Escape messages from based on functions will be re-sent.

CHGAUT2 Command parameters                            *CMD

   OBJ           The  qualified name of the  object to change authority
                 for.    The  library  value  defaults  to  *LIBL.    A
                 specific library or *CURLIB may also be used.

   OBJTYPE       The object type  to be changed.   Use the  prompter to
                 see the supported values.

   USER          The user  profile to change the authority  for.  Up to
                 50 names may be specified.

   AUT           The   authority  to  be  changed  to.    Any  existing
                 authority is first  removed for the named  user(s) and
                 the new authority is then specified.

                 For  any value entered  (such as  *CHANGE), it  is the
                 equivalent  of using  GRTOBJAUT AUT(xxx) where  xxx is
                 the specified  value.   See  the  previous  discussion
                 'Processing of AUT options'.

                 One of the following single values may be specified:

                    *REMOVE - If the user does not have
                              any existing authority, the
                              command completes normally.

                 The following may  be specified in a list of  up to 10

                   *ADD       - See the previous discussion
                   *DLT       - See the previous discussion
                   *UPD       - See the previous discussion


You must have *OBJMGT authority to the object.


The following TAA Tools must be on your system:

     CHKOBJ3         Check object 3
     EXTLST          Extract list
     EXTLST2         Extract list 2
     RSNLSTMSG       Resend last message
     SCNVAR          Scan variable
     SNDESCINF       Send escape information
     SNDESCMSG       Send escape message


None, the tool is ready to use.

Objects used by the tool

   Object        Type    Attribute      Src member    Src file
   ------        ----    ---------      ----------    ----------

   CHGAUT2       *CMD                   TAASEIP       QATTCMD
   TAASEIPC      *PGM       CLP         TAASEIPC      QATTCL

Added to TAA Productivity tools January 15, 2011

Home Page Up to Top