The Display Job 3 command allows a user who has *USE authority to the
TAAJOBCTL authorization list to perform DSPJOB functions for a job
that is not his own. This allows trusted individuals (such as
programmers) to have DSPJOB capability as if they had *JOBCTL special
authority without directly specifying *JOBCTL in their user profile.
The *JOBCTL special authority provides a lot of capability such as:
- Display any job
- Display spooled file data for any job, change the
spooled file, delete the spooled file (except
for spooled files in 'private output queues')
- Change any job
- End any job
- Clear job queues
- Clear output queues
- Power down the system
Because of this, some installations want to minimize the use of
*JOBCTL special authority, but still have a need to allow some users
to display jobs that are not their own. DSPJOB3 provides this
capability by allowing trusted users to be authorized to the
TAAJOBCTL authorization list.
DSPJOB3 supports the same parameters as the system DSPJOB command. A
typical command would be:
Assuming the user was authorized, the TAA DSPJOB3 menu would appear
which has the same options as the system DSPJOB menu.
The DSPJOB3 command is authorized for PUBLIC(*USE). This allows any
user to use the command, but the following rules exist:
** If a user has no authority to the TAAJOBCTL authorization list
and does not have *JOBCTL special authority, the user can only
operate on his own jobs (TAA9894 is sent as an escape message
if the user is not the owner of the job).
** If a user has *USE authority to the TAAJOBCTL authorization
list or has *JOBCTL special authority, the user can display a
job which is not his own (it is also possible to adopt
authority to *JOBCTL in a program that runs the DSPJOB3
Two restrictions exist when displaying a job other than your
own (these are the same as supported by the system DSPJOB
-- Spooled files which exist in a 'private output queue'
can be listed, but the data cannot be displayed unless
the user has *SPLCTL special authority (it is not
adopted). A 'private output queue' is created by the
CRTOUTQ command OPRCTL(*NO) function.
-- The DSPJOB OPTION(*JOBLOG) is prevented if the user
running the command does not have *ALLOBJ special
authority and attempts to display a job of a user who
has *ALLOBJ special authority.
Duplicate job handling
If a fully qualified job name is not entered, there may be duplicate
jobs for the same values entered (either Job or Job/User).
DSPJOB3 supports the same DSPDUPJOB parameter as on DSPJOB. The
default is *SELECT to display a menu of the duplicates. This occurs
by using the TAA DSPDUPJOB display and the user may select the job to
If DSPDUPJOB(*MSG) is specified, the CPF1069 escape message (same ID
used by DSPJOB) will be sent if duplicates exist.
TAAJOBCTL Authorization List
The TAAJOBCTL authorization list allows certain TAA Tools to function
as if the user was directly authorized to *JOBCTL special authority.
By authorizing a user to *USE authority to the Authorization List,
you enable the user to do a few other functions which are similar to
The EXCJOBCTL command is under control of the TAAJOBCTL authorization
list. The EXCJOBCTL command allows a user to run some standard TAA
functions such as CVTWRKUSR which creates an outfile of job
information. The Security Officer may also specify what other
commands may be run under *JOBCTL special authority. See the
discussion with the EXCJOBCTL tool.
TAAJOBCTL Special profile
The owner of the DSPJOB3 processing program (TAAJODCC) is TAAJOBCTL.
This special profile is created when installing the TAA Productivity
Tools and has the special authority *JOBCTL. No other special
authorities exist. The profile is created with PASSWORD(*NONE) so it
may not be signed onto.
The processing program (TAAJODCC) adopts the owners authority
(TAAJOBCTL) during the running of the program.
Checking for authorization is done using a program that 'unadopts'.
The purpose of using the TAAJOBCTL user profile (rather than QSECOFR
who owns other TAATOOL objects) is to prevent the adoption of
*SPLCTL. *SPLCTL special authority allows access to any spooled file
including those in 'private output queues'. Unless the user of the
DSPJOB3 command is the same as the user of the job (or the the user
of the command has the *SPLCTL special authority), spooled files in
'private output queues' cannot be displayed with DSPJOB3.
When the TAA Productivity Tools are installed, the TAAJOBCTL user
profile and DSPJOB3 program are set to allow correct processing.
During the execution of the DSPJOB3 program, the program owner and
user profile are checked to ensure that:
** The DSPJOB3 program is owned by TAAJOBCTL.
** The TAAJOBCTL user profile has the special authority *JOBCTL
and no other special authorities.
DSPJOB3 escape messages you can monitor for
CPF1069 If duplicate jobs exist and DSPDUPJOB(*MSG)
CPF1070 The job could not be found
TAA9894 Not authorized to another users job
- User is not authorized to TAAJOBCTL *AUTL
Escape messages from based on functions will be re-sent.
Command parameters *CMD
JOB The qualified name of the job to be displayed. * is
the default meaning the current job.
The user must be authorized to display the job
either because 1) it is his own, 2) he has *JOBCTL
special authority, or 3) he is authorized to the
TAAJOBCTL authorization list.
The same restrictions relative to OPTION(*SPLF) and
OPTION(*JOBLOG) as exist for the system DSPJOB
command also exist for DSPJOB3. See the previous
OUTPUT How to output the results. * is the default which
means to display the results if the command is run
If the command is run in batch or *PRINT is
specified, the results are printed by DSPJOB.
OPTION The name of the special value whose information is
displayed. The choices are the same as appear on
the DSPJOB command. Use the ? function in the
parameter for the complete list.
DUPJOBOPT The action to perform if duplicate jobs exist for
the same values entered (such as duplicate jobs for
a job name or a job/user name). The default is
*SELECT which causes the TAA DSPDUPJOB menu to
appear so an individual job may be selected.
*MSG may be specified to cause the CPF1069 escape
See the previous comments about authorization.
The following TAA Tools must be on your system:
CHKJOBCTL Check job control
DSPDUPJOB Display duplicate job
RTVJOBSTS Retrieve job status
SNDCOMPMSG Send completion message
SNDESCMSG Send escape message
None, the tool is ready to use.
Objects used by the tool
Object Type Attribute Src member Src file
------ ---- --------- ---------- ----------
DSPJOB3 *CMD TAAJODC QATTCMD
TAAJODCC *PGM CLP TAAJODCC QATTCL
TAAJODCD *FILE DSPF TAAJODCD QATTDDS
Note that the TAAJODCC program is owned by the TAAJOBCTL user profile
and adopts the owners authority.