TAA Tools

The Display  User Authority 2  command displays  a user's authority  to
objects within  a library.  Both individual  authority, group authority
(including   supplemental   groups),   and   authority   controlled  by
authorization lists  are described.   An individual  object, a  generic
name,  or all  objects  can be  specified.   A  specific  type, or  all
object types may be requested.

DSPUSRAUT2  provides a simple method of determining  what a user can do
in a library.

Program  adopt  as  specified  by  USRPRF(*OWNER)  on   create  program
commands is not considered.

You must have *ALLOBJ authority to use DSPUSRAUT2.

A typical command would be:

             DSPUSRAUT2    LIB(xxx) USER(USER1)

If  the command  is entered  interactively,  a display  appears of  the
listing.   All  objects that USER1  has at  least *USE authority  to in
the named library would  be listed.  The  listing would describe  where
the authority comes from such as:

        - A specific authority to an object
        - An authority based on a group profile
        - An authority based on an authorization list
        - Access via the *PUBLIC user

If the  user has  no authority  to the  library, an  escape message  is

USER(*PUBLIC) may  be specified to  determine what the  public user may
do (one that is not specifically authorized).

If  the  user  is other  than  *PUBLIC,  an option  exists  (INCPUB) to
bypass the listing of '*PUBLIC  to *OBJ'.  This allows a review  of the
specific authorizations for a given user.

How authority is determined

The  QSYRUSRA API is  used to  check authority.   This  system function
checks  in the  same sequence that  the system  does.   For example, if
the user is  authorized to the  object, the object  is also  controlled
by an  authorization list, and the  user has a different  authority via
the authorization list, the individual authority takes precedence.

DSPUSRAUT2 escape messages you can monitor for

      TAA9891    User is not authorized to the library.

Escape messages from based on functions will be re-sent.

Command parameters                                    *CMD

   LIB           The library to check authorizations for.

   USER          The  user to print  the authorities for.   *PUBLIC may
                 be entered to determine  what any non-authorized  user
                 may do.

   AUT           The authority  to  check for.   Individual  authority,
                 group  authority (including  supplemental  groups, and
                 authorizations  via an authorization  list are checked

                 *USE is the  default meaning that  the user must  have
                 at  least *USE authority  to the  object to  cause the
                 object to be listed.

                 *CHANGE  may be specified  meaning that  the user must
                 have at  least  *CHANGE  authority to  the  object  to
                 cause the object to be listed.

                 *ALL  may be  specified  meaning  that the  user  must
                 have all  authority to the object  to cause the object
                 to be listed.

                 *EXCLUDE may be specified  meaning that the user  must
                 have a  specific *EXCLUDE authority  to the  object to
                 cause the object to be listed.

   OBJ           The object  name to be  checked.  The  default is *ALL
                 for all objects to be checked.

                 A  specific  object or  a generic  object name  may be

   OBJTYPE       The object type  to be checked.   The default is  *ALL
                 for all object types to be checked.

                 A specific object type to be entered.

   INCPUB        A  *YES/*NO   option  for   whether  to   include  the
                 '*PUBLIC to *OBJ' conditions.

                 *YES   is   the  default   which   will   include  the
                 conditions where the *PUBLIC user has access.

                 *NO may  be  specified  to  bypass  these  conditions.
                 Only  the  specific  authorities  for  the  individual
                 user will be included.

   OUTPUT        How  to  output the  results.   *  is  the  default to
                 display the  spooled file  if the  command is  entered
                 interactively.  The  spooled file is deleted  after it
                 is displayed.

                 If  the  command  is entered  in  batch  or *PRINT  is
                 specified,  the spooled  file is  output and retained.


You must have *ALLOBJ special object authority to use DSPUSRAUT2.

Program adopt is not considered.


The following TAA Tools must be on your system:

     CHKALLOBJ       Check all object special authority
     CHKOBJ3         Check object 3
     EDTVAR          Edit variable
     RTVAUTSRCD      Retrieve authority source description
     RTVOBJAUT       Retrieve object authority
     RTVOBJLST       Retrieve object list
     RTVSYSVAL3      Retrieve system value 3
     SNDCOMPMSG      Send completion message
     SNDESCMSG       Send escape message
     SNDSTSMSG       Send status message


None, the tool is ready to use.

Objects used by the tool

   Object        Type    Attribute      Src member    Src file
   ------        ----    ---------      ----------    ----------

   DSPUSRAUT2    *CMD                   TAASEFR       QATTCMD
   TAASEFRC      *PGM       CLP         TAASEFRC      QATTCL
   TAASEFRR      *PGM       RPG         TAASEFRR      QATTRPG

Added to TAA Productivity tools July 15, 2003

Home Page Up to Top