TAA Tools
EDTAUTL2        EDIT AUTHORIZATION LIST 2              TAASEFA

The Edit Authorization  List 2 command  is designed for the  case where
many  users exist  on  an authorization  list  and it  is  desirable to
display  the users in name sequence.  This  is as opposed to the system
EDTAUTL command which  displays the users  in user profile create  date
sequence.   An exit program  may also be  named to pass any  changes to
other systems.

You   must  have  *ALLOBJ  special  authority   or  *ALL  and  *AUTLMGT
authority to the authorization list to use EDTAUTL2.

A typical command would be:

             EDTAUTL2  AUTL(xxx)

The authorization list  would be displayed with  the current users  and
their authorities.

The following major differences exist between EDTAUTL and EDTAUTL2:

  **   The  owner is  always the  first user  on the  display (same  as
       EDTAUTL), but  the *PUBLIC user is always  the second instead of
       the last user.  This allows a  simple review of one of the  most
       important aspects of security.

  **   The  remaining  users   appear  in  user  profile   name  order.
       EDTAUTL2 displays users in create date order.

  **   A 'position  to' field exists to easily access  a user.  EDTAUTL
       requires searching for a user.

  **   All  detail authorities are shown on  the initial display.  This
       is the  same  as EDTAUTL  if  the user  running  the command  is
       specified in the user profile as USROPT(*EXPERT).

  **   When F6 is used  to add a new user, 'add mode'  is started and a
       single  user  may be  entered  on each  display  (EDTAUTL allows
       multiple users on  a single display).   Only the description  of
       the  object authority  (such as  *USE)  can be  entered on  this
       display.

  **   An  exit  program  is available  to  allow  any  changes to  the
       authority list  to  be  passed  to  another  system.    This  is
       designed to  retain duplicate  authorities on multiple  systems.
       See the later discussion on the Exit Program.

For  a similar  function  on editing  object authorities,  see  the TAA
tool EDTOBJAUT2.

Exit program
------------

You  can  name  an exit  program  and  be passed  the  command  that is
executed to  maintain  the  authorization list.    The intent  of  this
function  is to  allow you  to maintain  an authorization  list  on one
system  and have the  same change made automatically  on other systems.

The exit program  must be  named using the  Application Value  EDTAUTL2
in TAASECURE (a User Space object).  As an *ALLOBJ user, enter:

             EDTAPPVAL  APPVAL(TAASECURE/EDTAUTL2)

When the display appears,  enter both a program and  a library for your
exit program.   The fields should be blank if  no exit program is used.

If an exit  program is entered,  the program must  exist when  EDTAUTL2
is used.

Your exit program must  accept a single parameter which  is the command
to be executed.  The parameter is passed as 500 bytes.

             PGM        PARM(&CMD)
             DCL        &CMD *CHAR LEN(500)

A typical  example of what you would  do with the command is  to use it
with a SBMRMTCMD command such as:

              SBMRMTCMD CMD(&CMD) DDMFILE(xxx)

You  could also consider logging the  command to the audit journal such
as:

              SNDAUDE    ID(EDTAUTL2) ENTDTA(&CMD)

EDTAUTL2 escape messages you can monitor for
--------------------------------------------

None.  Escape messages from based on functions will be re-sent.

Command parameters                                    *CMD
------------------

   AUTL          The authorization list to be edited.

Restrictions
------------

You  must  have  *ALLOBJ   special  authority  or  *ALL   and  *AUTLMGT
authority to the authorization list to use EDTAUTL2.

Prerequisites
-------------

The following TAA Tools must be on your system:

     ADJVAR          Adjust variable
     CHKALLOBJ       Check *ALLOBJ special authority
     RTVAPPVAL       Retrieve application value
     SNDSTSMSG       Send status message
     SNDJLGMSG       Send job log message
     SNDESCMSG       Send escape message

Implementation
--------------

None, the tool is ready to use.

Objects used by the tool
------------------------

   Object        Type    Attribute      Src member    Src file
   ------        ----    ---------      ----------    ----------

   EDTAUTL2      *CMD                   TAASEFA       QATTCMD
   TAASEFAC      *PGM       CLP         TAASEFAC      QATTCL
   TAASEFAC2     *PGM       CLP         TAASEFAC2     QATTCL
   TAASEFAC3     *PGM       CLP         TAASEFAC3     QATTCL
   TAASEFAC4     *PGM       CLP         TAASEFAC4     QATTCL
   TAASEFAC5     *PGM       CLP         TAASEFAC5     QATTCL
   TAASEFAR      *PGM       RPG         TAASEFAR      QATTRPG
   TAASEFAD      *FILE      DSPF        TAASEFAD      QATTDDS

Structure
---------

EDTAUTL      Cmd
    TAASEFAC   CL Program
      TAASEFAC5   CL Program - Access exit program in TAASECURE
      TAASEFAR    RPG Program
         TAASEFAC2  CL Program - Does RVK and GRT
         TAASEFAC3  CL Program - Get profile, Add new user
         TAASEFAC4  CL Program - Access user profile and group
					

Added to TAA Productivity tools August 15, 2001


Home Page Up to Top