EDTAUTL2 -- Edit Authorization List 2

EDTAUTL2 EDIT AUTHORIZATION LIST 2 TAASEFA
The Edit Authorization List 2 command is designed for the case where many users exist on an authorization list and it is desirable to display the users in name sequence. This is as opposed to the system EDTAUTL command which displays the users in user profile create date sequence. An exit program may also be named to pass any changes to other systems. You must have ALLOBJ special authority or ALL and AUTLMGT authority to the authorization list to use EDTAUTL2. A typical command would be: EDTAUTL2 AUTL(xxx) The authorization list would be displayed with the current users and their authorities. The following major differences exist between EDTAUTL and EDTAUTL2: * The owner is always the first user on the display (same as EDTAUTL), but the PUBLIC user is always the second instead of the last user. This allows a simple review of one of the most important aspects of security. * The remaining users appear in user profile name order. EDTAUTL2 displays users in create date order. A 'position to' field exists to easily access a user. EDTAUTL requires searching for a user. All detail authorities are shown on the initial display. This is the same as EDTAUTL if the user running the command is specified in the user profile as USROPT(EXPERT). * When F6 is used to add a new user, 'add mode' is started and a single user may be entered on each display (EDTAUTL allows multiple users on a single display). Only the description of the object authority (such as USE) can be entered on this display. * An exit program is available to allow any changes to the authority list to be passed to another system. This is designed to retain duplicate authorities on multiple systems. See the later discussion on the Exit Program. For a similar function on editing object authorities, see the TAA tool EDTOBJAUT2. Exit program ------------ You can name an exit program and be passed the command that is executed to maintain the authorization list. The intent of this function is to allow you to maintain an authorization list on one system and have the same change made automatically on other systems. The exit program must be named using the Application Value EDTAUTL2 in TAASECURE (a User Space object). As an ALLOBJ user, enter: EDTAPPVAL APPVAL(TAASECURE/EDTAUTL2) When the display appears, enter both a program and a library for your exit program. The fields should be blank if no exit program is used. If an exit program is entered, the program must exist when EDTAUTL2 is used. Your exit program must accept a single parameter which is the command to be executed. The parameter is passed as 500 bytes. PGM PARM(&CMD) DCL &CMD CHAR LEN(500) A typical example of what you would do with the command is to use it with a SBMRMTCMD command such as: SBMRMTCMD CMD(&CMD) DDMFILE(xxx) You could also consider logging the command to the audit journal such as: SNDAUDE ID(EDTAUTL2) ENTDTA(&CMD) EDTAUTL2 escape messages you can monitor for -------------------------------------------- None. Escape messages from based on functions will be re-sent. Command parameters CMD ------------------ AUTL The authorization list to be edited. Restrictions ------------ You must have ALLOBJ special authority or ALL and AUTLMGT authority to the authorization list to use EDTAUTL2. Prerequisites ------------- The following TAA Tools must be on your system: ADJVAR Adjust variable CHKALLOBJ Check ALLOBJ special authority RTVAPPVAL Retrieve application value SNDSTSMSG Send status message SNDJLGMSG Send job log message SNDESCMSG Send escape message Implementation -------------- None, the tool is ready to use. Objects used by the tool ------------------------ Object Type Attribute Src member Src file ------ ---- --------- ---------- ---------- EDTAUTL2 CMD TAASEFA QATTCMD TAASEFAC PGM CLP TAASEFAC QATTCL TAASEFAC2 PGM CLP TAASEFAC2 QATTCL TAASEFAC3 PGM CLP TAASEFAC3 QATTCL TAASEFAC4 PGM CLP TAASEFAC4 QATTCL TAASEFAC5 PGM CLP TAASEFAC5 QATTCL TAASEFAR PGM RPG TAASEFAR QATTRPG TAASEFAD *FILE DSPF TAASEFAD QATTDDS Structure --------- EDTAUTL Cmd TAASEFAC CL Program TAASEFAC5 CL Program - Access exit program in TAASECURE TAASEFAR RPG Program TAASEFAC2 CL Program - Does RVK and GRT TAASEFAC3 CL Program - Get profile, Add new user TAASEFAC4 CL Program - Access user profile and group

EDTAUTL2        EDIT AUTHORIZATION LIST 2              TAASEFA


The Edit Authorization  List 2 command  is designed for the  case where
many  users exist  on  an authorization  list  and it  is  desirable to
display  the users in name sequence.  This  is as opposed to the system
EDTAUTL command which  displays the users  in user profile create  date
sequence.   An exit program  may also be  named to pass any  changes to
other systems.

You   must  have  *ALLOBJ  special  authority   or  *ALL  and  *AUTLMGT
authority to the authorization list to use EDTAUTL2.

A typical command would be:

             EDTAUTL2  AUTL(xxx)

The authorization list  would be displayed with  the current users  and
their authorities.

The following major differences exist between EDTAUTL and EDTAUTL2:

  **   The  owner is  always the  first user  on the  display (same  as
       EDTAUTL), but  the *PUBLIC user is always  the second instead of
       the last user.  This allows a  simple review of one of the  most
       important aspects of security.

  **   The  remaining  users   appear  in  user  profile   name  order.
       EDTAUTL2 displays users in create date order.

  **   A 'position  to' field exists to easily access  a user.  EDTAUTL
       requires searching for a user.

  **   All  detail authorities are shown on  the initial display.  This
       is the  same  as EDTAUTL  if  the user  running  the command  is
       specified in the user profile as USROPT(*EXPERT).

  **   When F6 is used  to add a new user, 'add mode'  is started and a
       single  user  may be  entered  on each  display  (EDTAUTL allows
       multiple users on  a single display).   Only the description  of
       the  object authority  (such as  *USE)  can be  entered on  this
       display.

  **   An  exit  program  is available  to  allow  any  changes to  the
       authority list  to  be  passed  to  another  system.    This  is
       designed to  retain duplicate  authorities on multiple  systems.
       See the later discussion on the Exit Program.

For  a similar  function  on editing  object authorities,  see  the TAA
tool EDTOBJAUT2.

Exit program
------------

You  can  name  an exit  program  and  be passed  the  command  that is
executed to  maintain  the  authorization list.    The intent  of  this
function  is to  allow you  to maintain  an authorization  list  on one
system  and have the  same change made automatically  on other systems.

The exit program  must be  named using the  Application Value  EDTAUTL2
in TAASECURE (a User Space object).  As an *ALLOBJ user, enter:

             EDTAPPVAL  APPVAL(TAASECURE/EDTAUTL2)

When the display appears,  enter both a program and  a library for your
exit program.   The fields should be blank if  no exit program is used.

If an exit  program is entered,  the program must  exist when  EDTAUTL2
is used.

Your exit program must  accept a single parameter which  is the command
to be executed.  The parameter is passed as 500 bytes.

             PGM        PARM(&CMD)
             DCL        &CMD *CHAR LEN(500)

A typical  example of what you would  do with the command is  to use it
with a SBMRMTCMD command such as:

              SBMRMTCMD CMD(&CMD) DDMFILE(xxx)

You  could also consider logging the  command to the audit journal such
as:

              SNDAUDE    ID(EDTAUTL2) ENTDTA(&CMD)

EDTAUTL2 escape messages you can monitor for
--------------------------------------------

None.  Escape messages from based on functions will be re-sent.

Command parameters                                    *CMD
------------------

   AUTL          The authorization list to be edited.

Restrictions
------------

You  must  have  *ALLOBJ   special  authority  or  *ALL   and  *AUTLMGT
authority to the authorization list to use EDTAUTL2.

Prerequisites
-------------

The following TAA Tools must be on your system:

     ADJVAR          Adjust variable
     CHKALLOBJ       Check *ALLOBJ special authority
     RTVAPPVAL       Retrieve application value
     SNDSTSMSG       Send status message
     SNDJLGMSG       Send job log message
     SNDESCMSG       Send escape message

Implementation
--------------

None, the tool is ready to use.

Objects used by the tool
------------------------

   Object        Type    Attribute      Src member    Src file
   ------        ----    ---------      ----------    ----------

   EDTAUTL2      *CMD                   TAASEFA       QATTCMD
   TAASEFAC      *PGM       CLP         TAASEFAC      QATTCL
   TAASEFAC2     *PGM       CLP         TAASEFAC2     QATTCL
   TAASEFAC3     *PGM       CLP         TAASEFAC3     QATTCL
   TAASEFAC4     *PGM       CLP         TAASEFAC4     QATTCL
   TAASEFAC5     *PGM       CLP         TAASEFAC5     QATTCL
   TAASEFAR      *PGM       RPG         TAASEFAR      QATTRPG
   TAASEFAD      *FILE      DSPF        TAASEFAD      QATTDDS

Structure
---------

EDTAUTL      Cmd
    TAASEFAC   CL Program
      TAASEFAC5   CL Program - Access exit program in TAASECURE
      TAASEFAR    RPG Program
         TAASEFAC2  CL Program - Does RVK and GRT
         TAASEFAC3  CL Program - Get profile, Add new user
         TAASEFAC4  CL Program - Access user profile and group

Added to TAA Productivity tools August 15, 2001

Home Page

Up to Top