CHGPRFPUB2 -- Change User Profile Per *PUBLIC 2

CHGPRFPUB2 CHANGE USER PROFILE PER *PUBLIC 2 TAASETW
The Change User Profile per PUBLIC 2 command is designed for the situation where IFS objects in a directory for the PUBLIC user have different forms of authority and you want to authorize a new user profile to have the same authority as the PUBLIC user. This would allow you to make the new user profile a group profile for designated profiles and then set the PUBLIC user to EXCLUDE to prevent access by non-authorized users. This allows members of the group to have the same authority as they had before. See CHGPRFPUB to make similar changes to library objects. See ADDGRPPRF for adding multiple users to a group profile. You must have ALLOBJ special authority to use CHGPRFPUB2. Assume you have various objects in a directory which have different authority levels such as RWX or RX (or even USER DEF) for the PUBLIC user. You want to prevent unauthorized access by eventually setting the PUBLIC user to EXCLUDE. You would first create a new user profile (assume the name is GROUP10). Then run CHGPRFPUB2 for a directory such as: CHGPRFPUB2 USRPRF(GROUP10) OBJ('/HOME/ABC') Because the default is ACTION(CHECK), no changes would occur. A listing would be displayed of the changes that would be made and any possible error conditions. Assuming the listing will describe the results you want to achieve, you would run again with ACTION(CHANGE). CHGPRFPUB2 USRPRF(GROUP10) OBJ('/HOME/ABC') ACTION(CHANGE) The displayed listing would describe the changes made. You would then use CHGUSRPRF to assign each user you want authorized and specify them as belonging to the group profile GROUP10. To set the PUBLIC user to EXCLUDE, you could use the TAA CHGDIRAUT command as: CHGDIRAUT DIR(/HOME/ABC) USRPRF(PUBLIC) DTAAUT(EXCLUDE) OBJAUT(NONE) Exceptions ---------- * If the USRPRF user is already specified for authority to an object, an exception is noted, but a change will be made if ACTION(CHANGE) is specified. You may want to change the authority back to its original value. * If an object is specified with an AUTL used to control authorizations, an error will be noted. If the PUBLIC user is specified as AUTL, you must manually change the AUTL object to achieve your objectives. CHGPRFPUB2 escape messages you can monitor for ---------------------------------------------- None. Escape messages from based on functions will be re-sent. The sub tool CVTIFSAUT may send escape messages. You cannot proceed unless CVTIFSAUT completes successfully. CHGPRFPUB2 Command parameters CMD ----------------------------- USRPRF The name of the user profile to be authorized to the objects in the same manner as the PUBLIC user. OBJ The path name of the directory and subdirectories to change authorities for. A directory must be named. OMITDIR If the Object parameter is a directory, specify up to 10 subdirectory names relative to that directory to be excluded. Any of the OMITDIR entries may be a subdirectory of the directory specified for the OBJ parameter. A subdirectory can go multiple levels deep, but cannot skip any directories along the way. For example, if 'Sub1' is a directory in the home directory and has a subdirectory of 'Sub1A', you cannot specify OBJ('') and OMITDIR('Sub1A'). Generic directories are supported by using an as the last character of an OMITDIR path. This causes any directory starting with the characters before the * to be omitted. An omitted directory cannot begin with a / or \. If a directory specified to be omitted does not exist, no error occurs. Examples: CHGPRFPUB2 OBJ() OMITDIR('dir1') Omits /home/xxx/dir1 and all its subdirectories CHGPRFPUB2 OBJ() OMITDIR('dir') Omits /home/xxx/yyyy where yyyy is a subdirectory beginning with 'dir' and all their subdirectories ACTION The ACTION to be performed. CHECK is the default. It will describe any situations that will prevent a change being made such as an Authorization List is used CHANGE may be specified to grant to the specified user the same authority as the PUBLIC user. OUTPUT How to output the results. * is the default to display the spooled file if the command is entered interactively. If the display is ended with F3/F12 or the Enter key, the spooled file is deleted after it is displayed. To retain the spooled file, you may use the the System Request 'Cancel' function and the spooled file will exist in a HLD status. If the command is entered in batch or PRINT is specified, the spooled file is output and retained. Restrictions ------------ You must have ALLOBJ special authority to use CHGPRFPUB2. Prerequisites ------------- The following TAA Tools must be on your system: CHKALLOBJ Check ALLOBJ special authority CHKOBJ3 Check object 3 CVTIFSDAUT Convert IFS directory authority CVTIFSAUT Convert IFS authority RMVMSGKEY Remove message key RSNLSTMSG Resend last message RTVSYSVAL3 Retrieve system value 3 SNDCOMPMSG Send completion message SNDESCINF Send escape information SNDESCMSG Send escape message Implementation -------------- None, the tool is ready to use. Objects used by the tool ------------------------ Object Type Attribute Src member Src file ------ ---- --------- ---------- ---------- CHGPRFPUB2 CMD TAASETW QATTCMD TAASETWC PGM CLP TAASETWC QATTCL TAASETWR PGM RPG TAASETWR QATTRPG

CHGPRFPUB2      CHANGE USER PROFILE PER *PUBLIC 2      TAASETW


The Change  User  Profile per  *PUBLIC 2  command is  designed for  the
situation where  IFS objects in  a directory for the  *PUBLIC user have
different  forms  of authority  and you  want to  authorize a  new user
profile to have  the same authority  as the *PUBLIC  user.  This  would
allow you to  make the new user profile a  group profile for designated
profiles  and then set the  *PUBLIC user to  *EXCLUDE to prevent access
by non-authorized  users.  This  allows members  of the  group to  have
the same authority as they had before.

See CHGPRFPUB to make similar changes to library objects.

See ADDGRPPRF for adding multiple users to a group profile.

You must have *ALLOBJ special authority to use CHGPRFPUB2.

Assume you  have various  objects in a  directory which  have different
authority  levels  such as  *RWX  or *RX  (or  even USER  DEF)  for the
*PUBLIC user.  You  want to prevent  unauthorized access by  eventually
setting the  *PUBLIC user to  *EXCLUDE.  You  would first create  a new
user profile (assume  the name is GROUP10).   Then run CHGPRFPUB2 for a
directory such as:

             CHGPRFPUB2  USRPRF(GROUP10) OBJ('/HOME/ABC')

Because  the  default is  ACTION(*CHECK), no  changes  would occur.   A
listing would be  displayed of the changes  that would be made  and any
possible error conditions.

Assuming the  listing will  describe the results  you want  to achieve,
you would run again with ACTION(*CHANGE).

             CHGPRFPUB2  USRPRF(GROUP10) OBJ('/HOME/ABC')
                          ACTION(*CHANGE)

The displayed listing would describe the changes made.

You  would then use CHGUSRPRF  to assign each user  you want authorized
and specify them as belonging to the group profile GROUP10.

To set the *PUBLIC  user to *EXCLUDE, you  could use the TAA  CHGDIRAUT
command as:

             CHGDIRAUT  DIR(/HOME/ABC) USRPRF(*PUBLIC)
                          DTAAUT(*EXCLUDE) OBJAUT(*NONE)

Exceptions
----------

  **   If the  USRPRF user  is already  specified for  authority to  an
       object,  an exception  is noted, but  a change  will be  made if
       ACTION(*CHANGE) is  specified.    You may  want  to  change  the
       authority back to its original value.

  **   If  an  object  is specified  with  an  *AUTL  used  to  control
       authorizations,  an error will  be noted.   If the  *PUBLIC user
       is  specified  as  *AUTL,  you must  manually  change  the *AUTL
       object to achieve your objectives.

CHGPRFPUB2 escape messages you can monitor for
----------------------------------------------

None.  Escape messages  from based on functions  will be re-sent.   The
sub  tool CVTIFSAUT  may  send  escape messages.    You cannot  proceed
unless CVTIFSAUT completes successfully.

CHGPRFPUB2 Command parameters                         *CMD
-----------------------------

   USRPRF        The  name of the user profile  to be authorized to the
                 objects in the same manner as the *PUBLIC user.

   OBJ           The path name of  the directory and subdirectories  to
                 change authorities  for.   A directory must  be named.

   OMITDIR       If  the Object  parameter is  a directory,  specify up
                 to 10 subdirectory  names relative  to that  directory
                 to be excluded.

                 Any of  the OMITDIR entries  may be a  subdirectory of
                 the  directory specified  for  the OBJ  parameter.   A
                 subdirectory  can go multiple  levels deep, but cannot
                 skip any directories along  the way.  For  example, if
                 'Sub1' is  a directory in  the home directory  and has
                 a   subdirectory  of   'Sub1A',  you   cannot  specify
                 OBJ('*') and OMITDIR('Sub1A').

                 Generic directories  are supported  by using  an *  as
                 the last  character of an  OMITDIR path.   This causes
                 any  directory  starting  with  the characters  before
                 the * to be omitted.

                 An omitted directory cannot begin with  a / or \.   If
                 a directory  specified to be  omitted does  not exist,
                 no error occurs.

                 Examples:

                  CHGPRFPUB2 OBJ(*) OMITDIR('dir1')

                     Omits /home/xxx/dir1 and all its subdirectories

                  CHGPRFPUB2 OBJ(*) OMITDIR('dir*')

                     Omits /home/xxx/yyyy where yyyy is a subdirectory
                      beginning with 'dir' and all their subdirectories

   ACTION        The ACTION to be performed.

                 *CHECK  is   the  default.    It   will  describe  any
                 situations  that  will  prevent  a  change  being made
                 such as an Authorization List is used

                 *CHANGE may  be specified  to grant  to the  specified
                 user the same authority as the *PUBLIC user.

   OUTPUT        How  to output  the  results.   *  is  the default  to
                 display  the spooled  file if  the command  is entered
                 interactively.  If  the display  is ended with  F3/F12
                 or the  Enter key, the  spooled file is  deleted after
                 it  is displayed.   To  retain  the spooled  file, you
                 may use the the  System Request 'Cancel' function  and
                 the spooled file will exist in a HLD status.

                 If  the command  is  entered  in  batch or  *PRINT  is
                 specified,  the spooled file  is output  and retained.


Restrictions
------------

You must have *ALLOBJ special authority to use CHGPRFPUB2.

Prerequisites
-------------

The following TAA Tools must be on your system:

     CHKALLOBJ       Check *ALLOBJ special authority
     CHKOBJ3         Check object 3
     CVTIFSDAUT      Convert IFS directory authority
     CVTIFSAUT       Convert IFS authority
     RMVMSGKEY       Remove message key
     RSNLSTMSG       Resend last message
     RTVSYSVAL3      Retrieve system value 3
     SNDCOMPMSG      Send completion message
     SNDESCINF       Send escape information
     SNDESCMSG       Send escape message

Implementation
--------------

None, the tool is ready to use.

Objects used by the tool
------------------------

   Object        Type    Attribute      Src member    Src file
   ------        ----    ---------      ----------    ----------

   CHGPRFPUB2    *CMD                   TAASETW       QATTCMD
   TAASETWC      *PGM       CLP         TAASETWC      QATTCL
   TAASETWR      *PGM       RPG         TAASETWR      QATTRPG

Added to TAA Productivity tools January 15, 2013

Home Page

Up to Top