DSPPGMADP2 -- Display Program Adopt 2

DSPPGMADP2 DISPLAY PROGRAM ADOPT 2 TAAOBLO
The Display Program Adopt 2 command displays or lists the programs which adopt (USRPRF = OWNER) or those which do not use adopted authority from a calling program. Both PGM and SRVPGM object types are supported. The DSPPGMADP2 function operates on a library basis as opposed to the system DSPPGMADP command which operates on a user profile basis. The CHGPGM command may be used to set the USEADPAUT function to NO which prevents adopted authority being used by a program higher in the program stack. You must have ALLOBJ special authority to use a LIB value of ALL, ALLUSR, ALLUSR2, ALLNONQ, or IBM. A typical command would be: DSPPGMADP2 LIB(ABC DEF) All programs in the two libraries would be checked and a display would appear with the programs that adopt or do not use adopted authority from a calling program. System support -------------- The USRPRF parameter appears on CRT commands for PGM objects to allow for 'program adopt' capability. The default is USER meaning the program will run under the authority of the current user. If OWNER is specified, the program runs with the cumulative authority of both the owner and the current user. This means if either the owner or the current user is authorized, a function can be performed. The same authority is also used for any sub programs (ie. adopted authority goes down the program stack). If a sub program is called that also specifies USRPRF(OWNER) and has a different owner, authority is checked with all the cumulative authority. You can prevent the accumulation of authority going down the stack with the CHGPGM command. It supports the USEADPAUT command which defaults to SAME. Either NO or YES may be specified. When a program is created, the default is YES (no option exists on a CRT program command to set it to NO). If NO is specified, the authority for a sub program that is called causes the sub program to run under the authority of the current user. Any programs called from the sub program also run under the authority of the current user. The DSPPGM command shows these attributes for a program. Both the 'program adopt' function (shown as 'User profile') and USEADPAUT (shown as 'Use adopted authority) function are displayed. A single program could use both 'program adopt' and USEADPAUT(NO). A typical case of where you would want to be careful with the program adopt function is where a program needs to do some functions that the current user should not be authorized to do directly, but then needs a system function such as WRKOUTQ. If the program is owned by a user such as QPGMR who has JOBCTL authority, you have to consider the impact of making the user as powerful as a typical QPGMR profile. If WRKOUTQ is performed in the same program that does the adopt, the current user has both a command line and the ability to delete spooled files which are not his own. If the user is specified as LMTCPB(NO), the command line is open and the user could enter a command such as PWRDWNSYS (requires JOBCTL special authority). If the user is specified as LMTCPB(YES), the command line is still protected and cannot be used. However, the user could delete spooled files which are not his own. To prevent the spooled file deletion capability, you can create a sub program which does WRKOUTQ and use CHGPGM with USEADPAUT(NO) on the sub program. This means when the WRKOUTQ display appears, the user is operating under his own authority and could not delete another user's spooled files. If you have a complex program stack with the use of program adoption and USEADPAUT(NO), a good TAA Tool to see what the current status is PRTPGMSTK. This has to be inserted into a program where you want to review the program stack. DSPPGMADP2 escape messages you can monitor for ---------------------------------------------- None. Escape messages from based on functions will be re-sent. DSPPGMADP2 Command parameters CMD ----------------------------- LIB The list of libraries to be processed. Up to 300 libraries may be entered (including generic names) or the special values LIBL, USRLIBL, CURLIB, ALLUSR, ALLUSR2, ALLNONQ, IBM, or ALL. You must have ALLOBJ authority to specify a value of ALL, ALLUSR, ALLUSR2, ALLNONQ, or IBM. For LIBL and USRLIBL, if a current library exists, it will be written as a record before the records for the user portion of the library list. If the current library is also part of the user portion of the library list, it will only appear once (it is removed from the user portion list). ALLUSR omits certain # libraries such as #RPGLIB. ALLUSR also omits all Q libraries with certain exceptions such as QGPL. See the help text for the SAVLIB command for a complete list. Note that if you have your own library which begins with Q, it is omitted. IBM causes all libraries to be included based on the definition for DSPOBJD LIB(IBM). ALLUSR2 is similar to ALLUSR. It omits the same # libraries, but also omits any library beginning with Q. Note that if you have your own library which begins with Q, it is omitted. ALLNONQ means any library that does not begin with the letter Q. LIBTYPE Whether to select all or a specified library type. ALL is the default to select all types. PROD may be used to select only production (PROD) libraries. TEST may be used to select only test (TEST) libraries. OMITLIB A list of up to 300 libraries or generic library names that should be omitted. NONE is the default. An omit list may not be entered for LIB(CURLIB). No check occurs to see if an omit library would have been selected. For example, if LIB(LIBL) is entered with OMITLIB(ABC) and library ABC is not on the library list, no error occurs. OUTPUT How to output the results. * is the default to display the spooled file if the command is entered interactively. The spooled file is deleted after it is displayed. If the command is entered in batch or PRINT is specified, the spooled file is output and retained. Restrictions ------------ You must have ALLOBJ authority to specify a value of ALL, ALLUSR, ALLUSR2, ALLNONQ, or IBM. SQLPKG objects are not supported. Prerequisites ------------- The following TAA Tools must be on your system: CVTLIBOBJD Convert library object description CVTPGMA Convert program attributes EXTLST2 Extract list 2 RTVSYSVAL3 Retrieve system value 3 SNDCOMPMSG Send completion message SNDESCINF Send escape information SNDESCMSG Send escape message SNDJLGMSG Send job log message Implementation -------------- None, the tool is ready to use. Objects used by the tool ------------------------ Object Type Attribute Src member Src file ------ ---- --------- ---------- ---------- DSPPGMADP2 CMD TAAOBLO QATTCMD TAAOBLOC PGM CLP TAAOBLOC QATTCL TAAOBLOR *PGM RPG TAAOBLOR QATTRPG

DSPPGMADP2      DISPLAY PROGRAM ADOPT 2                TAAOBLO


The Display  Program Adopt  2 command  displays or  lists the  programs
which  adopt  (USRPRF =  *OWNER)  or  those which  do  not use  adopted
authority  from a calling program.   Both *PGM and *SRVPGM object types
are supported.   The DSPPGMADP2  function operates  on a library  basis
as opposed  to the  system DSPPGMADP command  which operates on  a user
profile basis.

The  CHGPGM command may  be used to  set the USEADPAUT  function to *NO
which prevents  adopted authority  being used  by a  program higher  in
the program stack.

You must  have *ALLOBJ special  authority to use  a LIB value  of *ALL,
*ALLUSR, *ALLUSR2, *ALLNONQ, or *IBM.

A typical command would be:

            DSPPGMADP2  LIB(ABC DEF)

All  programs  in the  two libraries  would  be checked  and  a display
would appear  with  the programs  that  adopt  or do  not  use  adopted
authority from a calling program.

System support
--------------

The  USRPRF parameter  appears  on CRT  commands  for *PGM  objects  to
allow  for 'program adopt'  capability.   The default is  *USER meaning
the program will run under the authority of the current user.

If   *OWNER  is  specified,  the   program  runs  with  the  cumulative
authority of  both  the owner  and the  current user.    This means  if
either the owner  or the current user is authorized,  a function can be
performed.   The same authority is also  used for any sub programs (ie.
adopted authority goes down  the program stack).   If a sub program  is
called that  also specifies USRPRF(*OWNER)  and has a  different owner,
authority is checked with all the cumulative authority.

You  can prevent  the accumulation  of authority  going down  the stack
with the  CHGPGM command.    It supports  the USEADPAUT  command  which
defaults to  *SAME.   Either  *NO or  *YES may  be specified.   When  a
program  is created, the  default is  *YES (no  option exists on  a CRT
program  command  to  set  it  to  *NO).    If  *NO  is  specified, the
authority for a sub  program that is called  causes the sub program  to
run  under the  authority of  the current  user.   Any  programs called
from  the  sub program  also  run under  the authority  of  the current
user.

The DSPPGM  command shows these  attributes for  a program.   Both  the
'program  adopt'  function  (shown  as 'User  profile')  and  USEADPAUT
(shown  as 'Use adopted  authority) function  are displayed.   A single
program could use both 'program adopt' and USEADPAUT(*NO).

A typical case of where you would  want to be careful with the  program
adopt function is where  a program needs to do some  functions that the
current user  should not be  authorized to do directly,  but then needs
a  system function such as WRKOUTQ.  If  the program is owned by a user
such as  QPGMR who  has  *JOBCTL authority,  you have  to consider  the
impact of making the user as powerful as a typical QPGMR profile.

If WRKOUTQ  is performed in the  same program that does  the adopt, the
current  user  has  both  a command  line  and  the  ability  to delete
spooled files which are not his own.

If the user is specified as  LMTCPB(*NO), the command line is open  and
the user  could enter  a command  such as  PWRDWNSYS (requires  *JOBCTL
special  authority).   If the  user is  specified as  LMTCPB(*YES), the
command line  is still  protected and  cannot be  used.   However,  the
user could delete spooled files which are not his own.

To prevent the spooled  file deletion capability, you can  create a sub
program which  does WRKOUTQ and  use CHGPGM with  USEADPAUT(*NO) on the
sub  program.   This means when  the WRKOUTQ display  appears, the user
is operating  under  his own  authority and  could  not delete  another
user's spooled files.

If you  have a complex program  stack with the use  of program adoption
and  USEADPAUT(*NO), a good TAA Tool to  see what the current status is
PRTPGMSTK.  This has  to be inserted into a  program where you want  to
review the program stack.

DSPPGMADP2 escape messages you can monitor for
----------------------------------------------

None.  Escape messages from based on functions will be re-sent.

DSPPGMADP2 Command parameters                         *CMD
-----------------------------

   LIB           The list  of libraries  to be  processed.   Up to  300
                 libraries  may  be entered  (including  generic names)
                 or  the  special  values  *LIBL,  *USRLIBL,   *CURLIB,
                 *ALLUSR, *ALLUSR2, *ALLNONQ, *IBM, or ALL.

                 You must  have *ALLOBJ  authority to  specify a  value
                 of *ALL, *ALLUSR, *ALLUSR2, *ALLNONQ, or *IBM.

                 For *LIBL  and *USRLIBL, if a  current library exists,
                 it  will  be written  as a  record before  the records
                 for the  user portion  of the  library list.   If  the
                 current library  is also part  of the user  portion of
                 the  library list,  it  will only  appear once  (it is
                 removed from the user portion list).

                 *ALLUSR omits  certain #  libraries such  as  #RPGLIB.
                 *ALLUSR  also  omits  all  Q  libraries  with  certain
                 exceptions  such as QGPL.   See the help  text for the
                 SAVLIB command  for a  complete list.   Note  that  if
                 you have your own  library which begins with Q,  it is
                 omitted.

                 *IBM  causes all  libraries  to be  included  based on
                 the definition for DSPOBJD LIB(*IBM).

                 *ALLUSR2  is similar to *ALLUSR.   It omits the same #
                 libraries, but also  omits any library beginning  with
                 Q.   Note  that if  you  have your  own library  which
                 begins with Q, it is omitted.

                 *ALLNONQ  means any library  that does  not begin with
                 the letter Q.

   LIBTYPE       Whether to  select all  or a  specified library  type.
                 *ALL is the default to select all types.

                 *PROD may  be used  to select  only production  (PROD)
                 libraries.

                 *TEST   may  be  used  to   select  only  test  (TEST)
                 libraries.

   OMITLIB       A list  of  up to  300  libraries or  generic  library
                 names that should  be omitted.  *NONE is  the default.

                 An omit list may not be entered for LIB(*CURLIB).

                 No check  occurs to see if an  omit library would have
                 been   selected.    For   example,  if  LIB(*LIBL)  is
                 entered with  OMITLIB(ABC) and library  ABC is not  on
                 the library list, no error occurs.

   OUTPUT        How  to output  the  results.   *  is  the default  to
                 display  the spooled  file if  the command  is entered
                 interactively.  The spooled  file is deleted after  it
                 is displayed.

                 If  the  command is  entered  in  batch or  *PRINT  is
                 specified,  the spooled  file is output  and retained.


Restrictions
------------

                 You must  have *ALLOBJ  authority to  specify a  value
                 of *ALL, *ALLUSR, *ALLUSR2, *ALLNONQ, or *IBM.

                 *SQLPKG objects are not supported.

Prerequisites
-------------

The following TAA Tools must be on your system:

     CVTLIBOBJD      Convert library object description
     CVTPGMA         Convert program attributes
     EXTLST2         Extract list 2
     RTVSYSVAL3      Retrieve system value 3
     SNDCOMPMSG      Send completion message
     SNDESCINF       Send escape information
     SNDESCMSG       Send escape message
     SNDJLGMSG       Send job log message

Implementation
--------------

None, the tool is ready to use.

Objects used by the tool
------------------------

   Object        Type    Attribute      Src member    Src file
   ------        ----    ---------      ----------    ----------

   DSPPGMADP2    *CMD                   TAAOBLO       QATTCMD
   TAAOBLOC      *PGM       CLP         TAAOBLOC      QATTCL
   TAAOBLOR      *PGM       RPG         TAAOBLOR      QATTRPG

Added to TAA Productivity tools October 15, 2008

Home Page

Up to Top