TAA Tools
CHKTAAAUT       CHECK TAA AUTHORITIES                  TAATOMM

The Check  TAA Authorities command  checks the current  authorities for
TAA objects  and compares them  to the shipped version  of the product.
TAA  objects  in  QSYS  may  also be  included  in  the  check  such as
Authorization Lists.    This  allows  a simple  determination  of  what
authority changes  have been  made on your  system.  This  helps ensure
that the TAA Tools may not be used without proper authority.

You must have *ALLOBJ authority to use CHKTAAAUT.

When  *ALL  or  *CMD is  specified  for the  type  of  authorities, TAA
commands  outside  of  library  TAATOOL  are  also  considered.    This
includes TAA  commands if  a TAA Command  library exists,  but excludes
commands in QSYS, QSYS38, or QSYSVxxx (prior release commands).

When  *ALL  is  specified for  the  type  of  authorities, TAA  objects
outside of TAATOOL and TAASECURE are flagged.

A typical use would be to submit the  command to batch as it is a  long
running function if *ALL types of objects are requested.

             SBMJOB  JOB(CHKTAAAUT)  CMD(CHKTAAAUT TYPE(*ALL))

A listing would be output.  The listing may have:

  **   Exceptions where you  have made a  change such as adding  a user
       to  an authorization list  or changed the  shipped authorization
       for the *PUBLIC user.

  **   Warnings  such as a different owner  of the SNDTIMMSG data queue
       (this could occur  if you delete  and re-create the data  queue.

CHKTAAAUT internals
-------------------

Most TAA  objects are  shipped as *PUBLIC(*USE)  and owned  by QSECOFR.
Several  exceptions   exist  such  as  Authorization  Lists  which  are
shipped *PUBLIC(*EXCLUDE), objects  where the  *PUBLIC is specified  as
*AUTL, and the TAAJOBCTL user profile.

As  part  of the  TAA  Productivity  Tools  product, file  TAATOMMP  is
shipped  with some specific exceptions.   The file  contains one record
for each object  that has  an exception in  authority or  authorization
list such as if the *PUBLIC user is not *USE.

When CHKTAAAUT begins, a  file is created or every  object specified on
the CHKTAAAUT  command.  The  file is then  read and DSPOBJAUT  is used
for  each object to create an  outfile of authorizations.  The TAATOMMP
file is read and is used to build an array in the program.

The  DSPOBJAUT outfile  is  then  read.   General  exceptions  such  as
Authorization  List objects,  the  TAAJOBCTL user  profile are  handled
with  unique code.   The  majority of objects  are checked  against the
array of exceptions and any differences are noted.

Both exceptions and  warnings may  appear in the  listing.   Exceptions
are considered  to be significant changes  such as where  the authority
to  an  object  has  been  changed,  a  user  has  been  added,  or  an
Authorization List is not *PUBLIC *EXCLUDE.

Warnings may  be issued  for  situations such  as where  the  TAAJOBCTL
user profile or the SNDTIMMSG *DTAQ are not owned by QSECOFR.

CHKTAAAUT escape messages you can monitor for
---------------------------------------------

None.  Escape messages from based on functions will be re-sent.

CHKTAAAUT Command parameters                          *CMD
----------------------------

   TYPE          The type of objects to be checked.

                 *ALL is  the default  which checks the  authorizations
                 to  all  objects in  TAATOOL,  all TAA*  Authorization
                 Lists,  the  library  objects  TAATOOL  and TAASECURE,
                 and  the  TAAJOBCTL   user  profile.     TAA  commands
                 outside of  TAATOOL are  also considered.   TAA object
                 names   that  exist   outside   of  the   TAATOOL  and
                 TAASECURE libraries are flagged.

                 You may  request  up  to 20  individual  object  types
                 such as *AUTL  and/or the object types  within TAATOOL
                 such as  *CMD, *PGM, etc.  For  the complete list, use
                 the command prompter.

   OUTPUT        How to  output  the results.    * is  the  default  to
                 display the  spooled file  if the  command is  entered
                 interactively.   The spooled file is  deleted after it
                 is displayed.

                 If  the  command  is  entered in  batch  or  *PRINT is
                 specified, the  spooled file is  output and  retained.

Restrictions
------------

You must have *ALLOBJ special authority to use CHKTAAAUT.

Prerequisites
-------------

The following TAA Tools must be on your system:

     CHKALLOBJ       Check *ALLOBJ special authority
     CVTLIBOBJD      Convert library object descriptions
     CVTPGMA         Convert program attributes
     EDTVAR          Edit variable
     EXTLST          Extract list
     RTVOBJD2        Retrieve object description 2
     RTVSYSVAL3      Retrieve system value 3
     RTVTAALIC       Retrieve TAA license
     SNDCOMPMSG      Send completion message
     SNDESCINF       Send escape information
     SNDJLGMSG       Send job log message
     SNDSTSMSG       Send status message

Implementation
--------------

None, the tool is ready to use.

Objects used by the tool
------------------------

   Object        Type    Attribute      Src member    Src file
   ------        ----    ---------      ----------    ----------

   CHKTAAAUT     *CMD                   TAATOMM       QATTCMD
   TAATOMMC      *PGM       CLP         TAATOMMC      QATTCL
   TAATOMMC2     *PGM       CLP         TAATOMMC2     QATTCL
   TAATOMMC3     *PGM       CLP         TAATOMMC3     QATTCL
   TAATOMMC4     *PGM       CLP         TAATOMMC4     QATTCL
   TAATOMMR      *PGM       RPG         TAATOMMR      QATTRPG
   TAATOMMR3     *PGM       RPG         TAATOMMR3     QATTRPG
   TAATOMMR4     *PGM       RPG         TAATOMMR4     QATTRPG
   TAATOMMP      *FILE      PF          TAATOMMP      QATTDDS

Structure
---------

CHKTAAAUT   Cmd
   TAATOMMC   CL Pgm - Gets outfile of *AUTLs
                     - Gets TAAJOBCTL user profile
                     - Gets objects in TAATOOL and TAASECURE
                     - Gets program objects for adoption
      TAATOMMC3  CL Pgm  - Gets command objects outside of TAATOOL
          TAATOMMR3  RPG Pgm - Checks for TAA commands in list
      TAATOMMC4  CL Pgm  - Gets TAA objects outside TAATOOL/TAASECUR
      TAATOMMC2  CL Pgm  - Gets object authorities
          TAATOMMR   RPG Pgm - Print program
					

Added to TAA Productivity tools January 1, 2008


Home Page Up to Top