CHKPUBAUTL -- Check Public Authority to AUTL

CHKPUBAUTL CHECK PUBLIC AUTHORITY TO AUTL TAASEDZ
The Check Public Authority to Authorization List command checks an authorization list to ensure: 1) the PUBLIC user is EXCLUDE and 2) the PUBLIC authorization to each object controlled by the authorization list matches the PUBOBJAUT keyword. The default is AUTL meaning that public access is controlled by the authorization list. A spooled file is created with the authorization list, the controlled objects and any exceptions. The intent of the command is to allow you to check for a security approach that uses an authorization list to control objects and prevents public access to the objects. You would grant authority to the authorization list for specific users. The listing describes any conditions where the public would be able to access an object controlled by the list. A single authorization list may be specified, a generic name, or ALL. You must have ALLOBJ authority to use CHKPUBAUTL. A typical command would be: CHKPUBAUTL AUTL(xxx) The default is to check the objects authorized to the authorization list for the PUBLIC user as AUTL meaning the public accesses according to the authorization lists PUBLIC authority. A spooled file would be created that lists each authorization list and the controlled objects. Any exceptions are noted in print positions 110 - 130. A count of the exceptions is included in the completion message for the command. Only objects in the library file system are checked. Objects that have no counterpart in the library file system are skipped. Command parameters CMD ------------------ AUTL The name of the Authorization List to be checked. A generic name may be entered or ALL. PUBOBJAUT The public object authority to check for. The default is AUTL meaning that public access to the object is controlled by the authorization list. EXCLUDE, CHANGE, or USE may be specified which have the same meaning as on any object authorization. TAASECOFR2 Whether to check of the TAASECOFR2 authorization list. The default is NO which will not check TAASECOFR2 if ends up being included. The TAASECOFR2 authorization list is shipped with PUBLIC having EXCLUDE authority. The authorization list is used to control the use of the menu for devices that are in an open area. CHANGE allows any user to access the menu. USE authority requires a user to confirm his password before accessing the menu. YES may be specified to cause the normal check of the TAASECOFR2 authorization list. Restrictions ------------ You must have ALLOBJ authority to use CHKPUBAUTL. Prerequisites ------------- The following TAA Tools must be on your system: BLDPRTLIN Build print line CHKALLOBJ Check all object CHKGENERC Check generic EDTVAR Edit variable PRINT Print RTVOBJAUT Retrieve object authority SNDCOMPMSG Send completion message SNDSTSMSG Send status message Implementation -------------- None, the tool is ready to use. Objects used by the tool ------------------------ Object Type Attribute Src member Src file ------ ---- --------- ---------- ---------- CHKPUBAUTL CMD TAASEDZ QATTCMD TAASEDZC PGM CLP TAASEDZC QATTCL TAASEDZC2 PGM CLP TAASEDZC2 QATTCL TAASEDZC3 PGM CLP TAASEDZC3 QATTCL

CHKPUBAUTL      CHECK PUBLIC AUTHORITY TO AUTL         TAASEDZ


The Check  Public  Authority to  Authorization List  command checks  an
authorization list  to ensure: 1)  the *PUBLIC user is  *EXCLUDE and 2)
the   *PUBLIC   authorization  to   each   object  controlled   by  the
authorization list  matches  the PUBOBJAUT  keyword.   The  default  is
*AUTL  meaning that public  access is  controlled by  the authorization
list.

A  spooled file is created with  the authorization list, the controlled
objects and any exceptions.

The intent  of the command  is to  allow you  to check  for a  security
approach  that  uses  an  authorization list  to  control  objects  and
prevents  public access to the  objects.  You would  grant authority to
the authorization list for specific  users.  The listing describes  any
conditions  where  the  public  would  be  able  to  access  an  object
controlled by the list.

A  single  authorization list  may  be specified,  a  generic name,  or
*ALL.

You must have *ALLOBJ authority to use CHKPUBAUTL.

A typical command would be:

             CHKPUBAUTL   AUTL(xxx)

The  default is  to check the  objects authorized  to the authorization
list  for  the *PUBLIC  user  as  *AUTL  meaning  the  public  accesses
according to the authorization lists *PUBLIC authority.

A  spooled file  would be  created that  lists each  authorization list
and  the  controlled  objects.    Any  exceptions  are  noted in  print
positions 110 -  130.   A count of  the exceptions is  included in  the
completion message for the command.

Only objects  in the  library file  system are  checked.  Objects  that
have no counterpart in the library file system are skipped.

Command parameters                                    *CMD
------------------

   AUTL          The name  of the Authorization List to  be checked.  A
                 generic name may be entered or *ALL.

   PUBOBJAUT     The  public  object  authority  to  check  for.    The
                 default is  *AUTL meaning  that public  access to  the
                 object is controlled by the authorization list.

                 *EXCLUDE,  *CHANGE,  or *USE  may  be specified  which
                 have    the   same   meaning    as   on   any   object
                 authorization.

   TAASECOFR2    Whether  to  check  of  the  TAASECOFR2  authorization
                 list.    The  default  is  *NO which  will  not  check
                 TAASECOFR2 if ends up being included.

                 The  TAASECOFR2  authorization  list  is shipped  with
                 *PUBLIC    having    *EXCLUDE    authority.        The
                 authorization list is  used to control the  use of the
                 menu  for devices that are  in an open  area.  *CHANGE
                 allows any user  to access the  menu.  *USE  authority
                 requires  a  user  to  confirm   his  password  before
                 accessing the menu.

                 *YES  may be specified  to cause  the normal  check of
                 the TAASECOFR2 authorization list.

Restrictions
------------

You must have *ALLOBJ authority to use CHKPUBAUTL.

Prerequisites
-------------

The following TAA Tools must be on your system:

     BLDPRTLIN       Build print line
     CHKALLOBJ       Check all object
     CHKGENERC       Check generic
     EDTVAR          Edit variable
     PRINT           Print
     RTVOBJAUT       Retrieve object authority
     SNDCOMPMSG      Send completion message
     SNDSTSMSG       Send status message

Implementation
--------------

None, the tool is ready to use.

Objects used by the tool
------------------------

   Object        Type    Attribute      Src member    Src file
   ------        ----    ---------      ----------    ----------

   CHKPUBAUTL    *CMD                   TAASEDZ       QATTCMD
   TAASEDZC      *PGM       CLP         TAASEDZC      QATTCL
   TAASEDZC2     *PGM       CLP         TAASEDZC2     QATTCL
   TAASEDZC3     *PGM       CLP         TAASEDZC3     QATTCL

Added to TAA Productivity tools May 1, 1998

Home Page

Up to Top