TAA Tools

The Display  Program Adopt  2 command  displays or  lists the  programs
which  adopt  (USRPRF =  *OWNER)  or  those which  do  not use  adopted
authority  from a calling program.   Both *PGM and *SRVPGM object types
are supported.   The DSPPGMADP2  function operates  on a library  basis
as opposed  to the  system DSPPGMADP command  which operates on  a user
profile basis.

The  CHGPGM command may  be used to  set the USEADPAUT  function to *NO
which prevents  adopted authority  being used  by a  program higher  in
the program stack.

You must  have *ALLOBJ special  authority to use  a LIB value  of *ALL,

A typical command would be:

            DSPPGMADP2  LIB(ABC DEF)

All  programs  in the  two libraries  would  be checked  and  a display
would appear  with  the programs  that  adopt  or do  not  use  adopted
authority from a calling program.

System support

The  USRPRF parameter  appears  on CRT  commands  for *PGM  objects  to
allow  for 'program adopt'  capability.   The default is  *USER meaning
the program will run under the authority of the current user.

If   *OWNER  is  specified,  the   program  runs  with  the  cumulative
authority of  both  the owner  and the  current user.    This means  if
either the owner  or the current user is authorized,  a function can be
performed.   The same authority is also  used for any sub programs (ie.
adopted authority goes down  the program stack).   If a sub program  is
called that  also specifies USRPRF(*OWNER)  and has a  different owner,
authority is checked with all the cumulative authority.

You  can prevent  the accumulation  of authority  going down  the stack
with the  CHGPGM command.    It supports  the USEADPAUT  command  which
defaults to  *SAME.   Either  *NO or  *YES may  be specified.   When  a
program  is created, the  default is  *YES (no  option exists on  a CRT
program  command  to  set  it  to  *NO).    If  *NO  is  specified, the
authority for a sub  program that is called  causes the sub program  to
run  under the  authority of  the current  user.   Any  programs called
from  the  sub program  also  run under  the authority  of  the current

The DSPPGM  command shows these  attributes for  a program.   Both  the
'program  adopt'  function  (shown  as 'User  profile')  and  USEADPAUT
(shown  as 'Use adopted  authority) function  are displayed.   A single
program could use both 'program adopt' and USEADPAUT(*NO).

A typical case of where you would  want to be careful with the  program
adopt function is where  a program needs to do some  functions that the
current user  should not be  authorized to do directly,  but then needs
a  system function such as WRKOUTQ.  If  the program is owned by a user
such as  QPGMR who  has  *JOBCTL authority,  you have  to consider  the
impact of making the user as powerful as a typical QPGMR profile.

If WRKOUTQ  is performed in the  same program that does  the adopt, the
current  user  has  both  a command  line  and  the  ability  to delete
spooled files which are not his own.

If the user is specified as  LMTCPB(*NO), the command line is open  and
the user  could enter  a command  such as  PWRDWNSYS (requires  *JOBCTL
special  authority).   If the  user is  specified as  LMTCPB(*YES), the
command line  is still  protected and  cannot be  used.   However,  the
user could delete spooled files which are not his own.

To prevent the spooled  file deletion capability, you can  create a sub
program which  does WRKOUTQ and  use CHGPGM with  USEADPAUT(*NO) on the
sub  program.   This means when  the WRKOUTQ display  appears, the user
is operating  under  his own  authority and  could  not delete  another
user's spooled files.

If you  have a complex program  stack with the use  of program adoption
and  USEADPAUT(*NO), a good TAA Tool to  see what the current status is
PRTPGMSTK.  This has  to be inserted into a  program where you want  to
review the program stack.

DSPPGMADP2 escape messages you can monitor for

None.  Escape messages from based on functions will be re-sent.

DSPPGMADP2 Command parameters                         *CMD

   LIB           The list  of libraries  to be  processed.   Up to  300
                 libraries  may  be entered  (including  generic names)
                 or  the  special  values  *LIBL,  *USRLIBL,   *CURLIB,
                 *ALLUSR, *ALLUSR2, *ALLNONQ, *IBM, or ALL.

                 You must  have *ALLOBJ  authority to  specify a  value
                 of *ALL, *ALLUSR, *ALLUSR2, *ALLNONQ, or *IBM.

                 For *LIBL  and *USRLIBL, if a  current library exists,
                 it  will  be written  as a  record before  the records
                 for the  user portion  of the  library list.   If  the
                 current library  is also part  of the user  portion of
                 the  library list,  it  will only  appear once  (it is
                 removed from the user portion list).

                 *ALLUSR omits  certain #  libraries such  as  #RPGLIB.
                 *ALLUSR  also  omits  all  Q  libraries  with  certain
                 exceptions  such as QGPL.   See the help  text for the
                 SAVLIB command  for a  complete list.   Note  that  if
                 you have your own  library which begins with Q,  it is

                 *IBM  causes all  libraries  to be  included  based on
                 the definition for DSPOBJD LIB(*IBM).

                 *ALLUSR2  is similar to *ALLUSR.   It omits the same #
                 libraries, but also  omits any library beginning  with
                 Q.   Note  that if  you  have your  own library  which
                 begins with Q, it is omitted.

                 *ALLNONQ  means any library  that does  not begin with
                 the letter Q.

   LIBTYPE       Whether to  select all  or a  specified library  type.
                 *ALL is the default to select all types.

                 *PROD may  be used  to select  only production  (PROD)

                 *TEST   may  be  used  to   select  only  test  (TEST)

   OMITLIB       A list  of  up to  300  libraries or  generic  library
                 names that should  be omitted.  *NONE is  the default.

                 An omit list may not be entered for LIB(*CURLIB).

                 No check  occurs to see if an  omit library would have
                 been   selected.    For   example,  if  LIB(*LIBL)  is
                 entered with  OMITLIB(ABC) and library  ABC is not  on
                 the library list, no error occurs.

   OUTPUT        How  to output  the  results.   *  is  the default  to
                 display  the spooled  file if  the command  is entered
                 interactively.  The spooled  file is deleted after  it
                 is displayed.

                 If  the  command is  entered  in  batch or  *PRINT  is
                 specified,  the spooled  file is output  and retained.


                 You must  have *ALLOBJ  authority to  specify a  value
                 of *ALL, *ALLUSR, *ALLUSR2, *ALLNONQ, or *IBM.

                 *SQLPKG objects are not supported.


The following TAA Tools must be on your system:

     CVTLIBOBJD      Convert library object description
     CVTPGMA         Convert program attributes
     EXTLST2         Extract list 2
     RTVSYSVAL3      Retrieve system value 3
     SNDCOMPMSG      Send completion message
     SNDESCINF       Send escape information
     SNDESCMSG       Send escape message
     SNDJLGMSG       Send job log message


None, the tool is ready to use.

Objects used by the tool

   Object        Type    Attribute      Src member    Src file
   ------        ----    ---------      ----------    ----------

   DSPPGMADP2    *CMD                   TAAOBLO       QATTCMD
   TAAOBLOC      *PGM       CLP         TAAOBLOC      QATTCL
   TAAOBLOR      *PGM       RPG         TAAOBLOR      QATTRPG

Added to TAA Productivity tools October 15, 2008

Home Page Up to Top