CHKOBJAUT -- Check Object Authority

CHKOBJAUT CHECK OBJECT AUTHORITY TAASEDO
The Check Object Authority command is like the system CHKOBJ command except that a generic name or all objects in a library may be checked. A typical command would be: CHKOBJAUT OBJ(LIB1/ABC) OBJTYPE(ALL) AUT(USE) The command would complete successfully if the user has USE authority to all the ABC generic objects in the LIB1 library. If the user is not authorized to one or more objects, an escape message is sent and a diagnostic message will exist for each object the user is not authorized to. Messages you may want to monitor for ------------------------------------ TAA9895 The user is not authorized to one or more objects. A CPF9898 diagnostic message will exist for each unauthorized object. CPF2123 No objects exist to be checked. This message will exist if there are no objects to be checked. CPF2105 No objects exist to be checked. This message will exist if a specific object is to be checked and does not exist. CPF2124 The user is not authorized to any of the objects or there may be damage. CPF2182 A specific library is named and the user is excluded from the library. Considerations -------------- The intent of CHKOBJAUT is to allow a program to ensure that the user is authorized before he proceeds into some function. CHKOBJAUT uses the system command DSPOBJD to build an outfile of the objects specified and then checks the authority. DSPOBJD will not add a record to the outfile if the user is not authorized to an object (EXCLUDE is specified). This fact may or may not cause some problems. For example, if the user is excluded from an object in your application, but properly authorized to all of the other objects, the use of CHKOBJAUT would complete successfully. However, the application may still fail when the user attempts to process the excluded object. If your application involves system commands, some system commands will work if an object is excluded and some will not. Here are some examples: * GRTOBJAUT can be used to grant authority to a generic group of objects if the user has OBJMGT authority. If the user is excluded from one of the objects, but has OBJMGT to all the others, the GRT command works successfully. Consequently, you could use CHKOBJAUT first before granting authority to a generic name. ** CRTDUPOBJ can be used for a generic name and also requires OBJMGT authority. However, if the user is excluded from one of the generic objects, CRTDUPOBJ will fail. Consequently, CHKOBJAUT is not a perfect solution if you are attempting to determine if the user can duplicate a generic set of objects. Command parameters CMD ------------------ OBJ The qualified object name of the object. A generic name may be used or the special value ALL for all objects. The library qualifier defaults to LIBL. CURLIB, ALL, ALLUSR, or USRLIBL may be specified. OBJTYPE The object type. The standard object types are supported. The default is ALL. ALL may not be specified if a specific object is named and a library of LIBL or USRLIBL. This is a DSPOBJD restriction. AUT The authority to be checked. The default is ALL. The same values as exist on CHKOBJ are valid such as USE, CHANGE, OBJMGT, and READ. The value EXCLUDE is not supported. Restrictions ------------ See the section on considerations. Prerequisites ------------- The following TAA Tools must be on your system: EDTVAR Edit variable EXTLST Extract list CHKGENERC Check generic SNDDIAGMSG Send diagnostic message SNDCOMPMSG Send completion message SNDESCMSG Send escape message SNDSTSMSG Send status message Implementation -------------- None, the tool is ready to use. Objects used by the tool ------------------------ Object Type Attribute Src member Src file ------ ---- --------- ---------- ---------- CHKOBJAUT CMD TAASEDO QATTCMD TAASEDOC PGM CLP TAASEDOC QATTCL

CHKOBJAUT       CHECK OBJECT AUTHORITY                 TAASEDO


The Check Object  Authority command is  like the system  CHKOBJ command
except  that  a  generic name  or  all  objects  in  a library  may  be
checked.

A typical command would be:

             CHKOBJAUT   OBJ(LIB1/ABC*) OBJTYPE(*ALL) AUT(*USE)

The   command  would  complete  successfully   if  the  user  has  *USE
authority to all the ABC generic objects in the LIB1 library.

If the  user  is not  authorized  to one  or  more objects,  an  escape
message is  sent and  a diagnostic message  will exist for  each object
the user is not authorized to.

Messages you may want to monitor for
------------------------------------

   TAA9895       The  user is  not authorized  to one or  more objects.
                 A CPF9898  diagnostic  message  will  exist  for  each
                 unauthorized object.

   CPF2123       No objects  exist to  be checked.   This  message will
                 exist if there are no objects to be checked.

   CPF2105       No  objects exist  to be checked.   This  message will
                 exist if a specific object  is to be checked and  does
                 not exist.

   CPF2124       The user is  not authorized to  any of the  objects or
                 there may be damage.

   CPF2182       A specific  library is named and the  user is excluded
                 from the library.

Considerations
--------------

The  intent of CHKOBJAUT is to allow a  program to ensure that the user
is authorized before he proceeds into some function.

CHKOBJAUT uses the  system command DSPOBJD to  build an outfile of  the
objects  specified and  then checks  the authority.   DSPOBJD  will not
add  a  record to  the outfile  if  the user  is  not authorized  to an
object (*EXCLUDE is specified).   This fact may  or may not cause  some
problems.

For  example,  if  the  user  is   excluded  from  an  object  in  your
application, but  properly authorized to all of  the other objects, the
use  of   CHKOBJAUT  would   complete  successfully.     However,   the
application  may still  fail  when the  user  attempts to  process  the
excluded object.

If  your application  involves  system commands,  some  system commands
will  work if an object is  excluded and some will  not.  Here are some
examples:

  **   GRTOBJAUT can be used to  grant authority to a generic  group of
       objects  if the  user has  *OBJMGT authority.   If  the  user is
       excluded  from one of  the objects,  but has *OBJMGT  to all the
       others, the GRT command  works successfully.  Consequently,  you
       could  use  CHKOBJAUT  first  before  granting  authority  to  a
       generic name.

  **   CRTDUPOBJ  can be  used  for a  generic name  and  also requires
       *OBJMGT authority.  However,  if the user  is excluded from  one
       of  the generic  objects, CRTDUPOBJ  will  fail.   Consequently,
       CHKOBJAUT  is not a  perfect solution  if you are  attempting to
       determine  if the user  can duplicate a  generic set of objects.

Command parameters                                    *CMD
------------------

   OBJ           The qualified object  name of the  object.  A  generic
                 name may  be used  or the special  value *ALL  for all
                 objects.

                 The  library qualifier  defaults  to *LIBL.   *CURLIB,
                 *ALL, *ALLUSR, or *USRLIBL may be specified.

   OBJTYPE       The object  type.    The  standard  object  types  are
                 supported.  The default is *ALL.

                 *ALL  may not  be specified  if a  specific object  is
                 named and  a library of *LIBL or  *USRLIBL.  This is a
                 DSPOBJD restriction.

   AUT           The authority to be checked.  The default is *ALL.

                 The same values as exist  on CHKOBJ are valid such  as
                 *USE,  *CHANGE,  *OBJMGT,   and  *READ.     The  value
                 *EXCLUDE is not supported.

Restrictions
------------

See the section on considerations.

Prerequisites
-------------

The following TAA Tools must be on your system:

     EDTVAR          Edit variable
     EXTLST          Extract list
     CHKGENERC       Check generic
     SNDDIAGMSG      Send diagnostic message
     SNDCOMPMSG      Send completion message
     SNDESCMSG       Send escape message
     SNDSTSMSG       Send status message

Implementation
--------------

None, the tool is ready to use.

Objects used by the tool
------------------------

   Object        Type    Attribute      Src member    Src file
   ------        ----    ---------      ----------    ----------

   CHKOBJAUT     *CMD                   TAASEDO       QATTCMD
   TAASEDOC      *PGM       CLP         TAASEDOC      QATTCL

Added to TAA Productivity tools May 1, 1996

Home Page

Up to Top