EDTOBJAUT2 -- Edit Object Authority 2

EDTOBJAUT2 EDIT OBJECT AUTHORITY 2 TAASECF
The Edit Object Authority 2 command is similar to the system supplied EDTOBJAUT command except that the names appear in alphabetical sequence following the owner and PUBLIC user. A 'position to' option exists. An option exists to capture the GRT/RVK changes so they may be logged or sent to another system. The user profile name GROUP will appear if the user is part of the group profile that is authorized to the object. The GROUP authorizations cannot be changed using EDTOBJAUT2. A message will appear stating this and describing that EDTOBJAUT should be used. A typical command would be entered as: EDTOBJAUT2 OBJ(PGMA) OBJTYPE(PGM) A subfile display appears that is similar to the system EDTOBJAUT display. The following major differences exist between EDTOBJAUT and EDTOBJAUT2. ** The owner is always the first user on the display (same as EDTOBJAUT), but the PUBLIC user is always the second instead of the last user. This allows a simple review of one of the most important aspects of security. * The remaining users appear in user profile name order. EDTOBJAUT displays users in create date order. A 'position to' field exists to easily access a user. EDTOBJAUT requires searching for a user. All detail authorities are shown on the initial display. This is the same as EDTOBJAUT if the user running the command is specified in the user profile as USROPT(EXPERT). * When F6 is used to add a new user, 'add mode' is started and a single user may be entered on each display (EDTOBJAUT allows multiple users on a single display). Only the description of the object authority (such as USE) can be entered on this display. If specific authorities must be entered, they may only be entered on the main display. * An exit program is available to allow any changes to the authority list to be passed to another system. This is designed to retain duplicate authorities on multiple systems. See the later discussion on the Exit Program. For a similar function on editing authorization lists, see the TAA tool EDTAUTL2. Exit program ------------ You can name an exit program and be passed the command that is executed to maintain the authorizations. The intent of this function is to allow you to maintain the authorizations on one system and have the same change made automatically on other systems. The exit program must be named using the Application Value EDTOBJAUT2 in TAASECURE (a User Space object). As an ALLOBJ user, enter: EDTAPPVAL APPVAL(TAASECURE/EDTOBJAUT2) When the display appears, enter both a program and a library for your exit program. The fields should be blank if no exit program is used. If an exit program is entered, the program must exist when EDTOBJAUT2 is used. Your exit program must accept a single parameter which is the command to be executed. The parameter is passed as 500 bytes. PGM PARM(&CMD) DCL &CMD CHAR LEN(500) A typical example of what you would do with the command is to use it with a SBMRMTCMD command such as: SBMRMTCMD CMD(&CMD) DDMFILE(xxx) You could also consider logging the command to the audit journal such as: SNDAUDE ID(EDTOBJAUT2) ENTDTA(&CMD) Command parameters CMD ------------------ OBJ The qualified object name to use. The library defaults to LIBL. OBJTYPE The object type. Use the command prompt for a list of values. Restrictions ------------ You must be authorized to use the grant and revoke functions on the object named. If you are using SBMRMTCMD, see the discussion of DDM considerations with the TAA tool CHGUSRPWD. Restrictions ------------ The GROUP authorizations cannot be changed using EDTOBJAUT2. A message will appear stating this and describing that EDTOBJAUT should be used. Prerequisites ------------- The following TAA Tools must be on your system: CHKNAM Check name EDTAUTL2 Edit authorization list 2 SNDESCMSG Send escape message SNDSTSMSG Send status message Implementation -------------- None, the tool is ready to use. Objects used by the tool ------------------------ Object Type Attribute Src member Src file ------ ---- --------- ---------- ---------- EDTOBJAUT2 CMD TAASECF QATTCMD TAASECFD FILE DSPF TAASECFD QATTDDS TAASECFC PGM CLP TAASECFC QATTCL TAASECFC2 PGM CLP TAASECFC2 QATTCL TAASECFC3 PGM CLP TAASECFC3 QATTCL TAASECFC5 PGM CLP TAASECFC5 QATTCL TAASECFR PGM RPG TAASECFR QATTRPG

EDTOBJAUT2      EDIT OBJECT AUTHORITY 2                TAASECF


The Edit Object Authority  2 command is similar to  the system supplied
EDTOBJAUT  command  except   that  the  names  appear  in  alphabetical
sequence  following  the  owner  and *PUBLIC  user.    A  'position to'
option exists.   An  option exists to  capture the  GRT/RVK changes  so
they may be logged or sent to another system.

The user  profile name *GROUP  will appear if  the user is part  of the
group   profile  that  is  authorized  to   the  object.    The  *GROUP
authorizations cannot  be changed  using EDTOBJAUT2.    A message  will
appear stating this and describing that EDTOBJAUT should be used.

A typical command would be entered as:

          EDTOBJAUT2   OBJ(PGMA) OBJTYPE(*PGM)

A  subfile display  appears that  is  similar to  the system  EDTOBJAUT
display.

The   following   major  differences   exist   between   EDTOBJAUT  and
EDTOBJAUT2.

  **   The owner  is always  the first  user on  the display  (same  as
       EDTOBJAUT), but  the *PUBLIC user  is always the  second instead
       of the  last user.   This allows a  simple review of  one of the
       most important aspects of security.

  **   The   remaining  users  appear  in   user  profile  name  order.
       EDTOBJAUT displays users in create date order.

  **   A  'position  to'  field   exists  to  easily  access   a  user.
       EDTOBJAUT requires searching for a user.

  **   All detail authorities  are shown on the initial  display.  This
       is  the same  as EDTOBJAUT  if the user  running the  command is
       specified in the user profile as USROPT(*EXPERT).

  **   When F6 is used to add a  new user, 'add mode' is started and  a
       single user  may be  entered on  each display (EDTOBJAUT  allows
       multiple  users on a single  display).  Only  the description of
       the object  authority (such  as  *USE) can  be entered  on  this
       display.   If  specific authorities  must be  entered, they  may
       only be entered on the main display.

  **   An  exit  program  is available  to  allow  any  changes to  the
       authority  list  to  be  passed  to  another  system.    This is
       designed to  retain duplicate authorities  on multiple  systems.
       See the later discussion on the Exit Program.

For  a similar  function on  editing authorization  lists, see  the TAA
tool EDTAUTL2.

Exit program
------------

You  can  name  an exit  program  and  be passed  the  command  that is
executed to maintain the authorizations.   The intent of this  function
is to allow you  to maintain the authorizations on  one system and have
the same change made automatically on other systems.

The exit  program must be named using  the Application Value EDTOBJAUT2
in TAASECURE (a User Space object).  As an *ALLOBJ user, enter:

             EDTAPPVAL  APPVAL(TAASECURE/EDTOBJAUT2)

When the display appears, enter both  a program and a library for  your
exit program.  The fields  should be blank if no exit  program is used.

If an  exit program is entered, the program  must exist when EDTOBJAUT2
is used.

Your  exit program must accept a  single parameter which is the command
to be executed.  The parameter is passed as 500 bytes.

             PGM        PARM(&CMD)
             DCL        &CMD *CHAR LEN(500)

A typical example of  what you would do with  the command is to  use it
with a SBMRMTCMD command such as:

              SBMRMTCMD CMD(&CMD) DDMFILE(xxx)

You could also  consider logging the command to  the audit journal such
as:

              SNDAUDE    ID(EDTOBJAUT2) ENTDTA(&CMD)

Command parameters                                    *CMD
------------------

   OBJ           The  qualified  object  name  to  use.    The  library
                 defaults to *LIBL.

   OBJTYPE       The object type.   Use the command  prompt for a  list
                 of values.

Restrictions
------------

You must  be authorized to  use the grant  and revoke functions  on the
object named.   If you are  using SBMRMTCMD, see the  discussion of DDM
considerations with the TAA tool CHGUSRPWD.

Restrictions
------------

The *GROUP  authorizations  cannot  be changed  using  EDTOBJAUT2.    A
message will appear  stating this and describing that  EDTOBJAUT should
be used.

Prerequisites
-------------

The following TAA Tools must be on your system:

     CHKNAM       Check name
     EDTAUTL2     Edit authorization list 2
     SNDESCMSG    Send escape message
     SNDSTSMSG    Send status message

Implementation
--------------

None, the tool is ready to use.

Objects used by the tool
------------------------

   Object        Type        Attribute      Src member    Src file
   ------        ----        ---------      ----------    ----------

   EDTOBJAUT2    *CMD                       TAASECF       QATTCMD
   TAASECFD      *FILE          DSPF        TAASECFD      QATTDDS
   TAASECFC      *PGM           CLP         TAASECFC      QATTCL
   TAASECFC2     *PGM           CLP         TAASECFC2     QATTCL
   TAASECFC3     *PGM           CLP         TAASECFC3     QATTCL
   TAASECFC5     *PGM           CLP         TAASECFC5     QATTCL
   TAASECFR      *PGM           RPG         TAASECFR      QATTRPG

Added to TAA Productivity tools April 1, 1995

Home Page

Up to Top