TAA Tools
CHKLMTCPB       CHECK LIMITED CAPABILITY               TAASECD

The Check limited  capability command checks  the user profiles  on the
system  to  determine the  users  specified as  both  USRCLS(*USER) and
LMTCPB(*NO).    An  option also  exists  to  force all  *USER  types to
LMTCPB(*YES).   CHKLMTCPB  is designed  to  assist in  ensuring  proper
security.  A spooled file is output.

Because the  command must retrieve information from  all profiles, only
a user with *ALLOBJ and *SECADM authority can use the command.

A typical command is entered as:

        CHKLMTCPB

The USRPRF spooled file output would be output.

In  many environments,  a *USER  type profile is  displayed application
menus only  and should  not  be able  to enter  any commands.    Unless
special action is  taken, there are normally two places  where the user
can perform general system functions:

  **   Signon menu.   If the system menu is  not replaced, the user who
       is LMTCPB(*NO)  can  request  a  different  initial  program  or
       different menu  option by using  entries on the  Signon display.
       Specifying  LMTCPB(*YES)  prevents  any  of these  entries  from
       being made on the signon display.

  **   Command  lines on  system menus.   If  a system display  such as
       WRKOUTQ is  displayed  for  the end  user  to allow  control  of
       spooled files,  a command line  exists.  A LMTCPB(*NO)  user can
       enter any authorized command.

       If   LMTCPB(*YES)  is  specified,   the  user   can  only  enter
       following commands by default such as:

              DSPMSG
              SNDMSG
              DSPJOB
              DSPJOBLOG
              SIGNOFF

       For a complete  list of commands  that can be  entered, see  the
       TAA Tool PRTLMTCMD.

       You can prevent  the entries of these commands  for LMTCPB users
       by  specifying ALWLMTUSR(*NO)  on the CHGCMD  command.   You can
       also  allow  other   commands  to  be   entered  by   specifying
       ALWLMTUSR(*YES).

       For example, the  following command would prevent users  who are
       limited from being able to use SIGNOFF on a command line.

         CHGCMD    CMD(SIGNOFF) ALWLMTUSR(*NO)

       Note that  limiting the SIGNOFF command from  being entered on a
       command  line does not prevent a  user from selecting SIGNOFF as
       a menu option such  as on the System  Request menu.  To  control
       this, you must make the command private.

       Any user  commands that  are created default  to ALWLMTUSR(*NO).

The  CHKLMTCPB  command  simplifies  the  task  of  managing users  who
should be controlled.

Command parameters                                    *CMD
------------------

   TYPE          The type of  option.  The default  is *CHECK.   *CHECK
                 reports  back  which  of   the  *USER  types  are  not
                 limited.    *FORCE ensures  that all  *USER  types are
                 limited.

                 System profiles  (with  the exception  of  QUSER)  are
                 bypassed.   A  system  profile is  assumed  to be  any
                 profile beginning  with the letter  'Q'.  If  you have
                 user  profiles beginning  with 'Q',  you must manually
                 make the change.

Prerequisites
-------------

The following TAA Tools must be on your system:

     EDTVAR       Edit variable
     PRINT        Print
     SNDCOMPMSG   Send completion message
     SNDESCMSG    Send escape message
     SNDSTSMSG    Send status message

Restrictions
------------

None

Implementation
--------------

None, the tool is ready to use.

Objects used by the tool
------------------------

   Object        Type        Attribute      Src member    Src file
   ------        ----        ---------      ----------    ----------

   CHKLMTCPB     *CMD                       TAASECD       QATTCMD
   TAASECDC      *PGM           CLP         TAASECDC      QATTCL
					

Added to TAA Productivity tools April 1, 1995


Home Page Up to Top