EDTOBJAUT2 EDIT OBJECT AUTHORITY 2 TAASECF
The Edit Object Authority 2 command is similar to the system supplied
EDTOBJAUT command except that the names appear in alphabetical
sequence following the owner and *PUBLIC user. A 'position to'
option exists. An option exists to capture the GRT/RVK changes so
they may be logged or sent to another system.
The user profile name *GROUP will appear if the user is part of the
group profile that is authorized to the object. The *GROUP
authorizations cannot be changed using EDTOBJAUT2. A message will
appear stating this and describing that EDTOBJAUT should be used.
A typical command would be entered as:
EDTOBJAUT2 OBJ(PGMA) OBJTYPE(*PGM)
A subfile display appears that is similar to the system EDTOBJAUT
The following major differences exist between EDTOBJAUT and
** The owner is always the first user on the display (same as
EDTOBJAUT), but the *PUBLIC user is always the second instead
of the last user. This allows a simple review of one of the
most important aspects of security.
** The remaining users appear in user profile name order.
EDTOBJAUT displays users in create date order.
** A 'position to' field exists to easily access a user.
EDTOBJAUT requires searching for a user.
** All detail authorities are shown on the initial display. This
is the same as EDTOBJAUT if the user running the command is
specified in the user profile as USROPT(*EXPERT).
** When F6 is used to add a new user, 'add mode' is started and a
single user may be entered on each display (EDTOBJAUT allows
multiple users on a single display). Only the description of
the object authority (such as *USE) can be entered on this
display. If specific authorities must be entered, they may
only be entered on the main display.
** An exit program is available to allow any changes to the
authority list to be passed to another system. This is
designed to retain duplicate authorities on multiple systems.
See the later discussion on the Exit Program.
For a similar function on editing authorization lists, see the TAA
You can name an exit program and be passed the command that is
executed to maintain the authorizations. The intent of this function
is to allow you to maintain the authorizations on one system and have
the same change made automatically on other systems.
The exit program must be named using the Application Value EDTOBJAUT2
in TAASECURE (a User Space object). As an *ALLOBJ user, enter:
When the display appears, enter both a program and a library for your
exit program. The fields should be blank if no exit program is used.
If an exit program is entered, the program must exist when EDTOBJAUT2
Your exit program must accept a single parameter which is the command
to be executed. The parameter is passed as 500 bytes.
DCL &CMD *CHAR LEN(500)
A typical example of what you would do with the command is to use it
with a SBMRMTCMD command such as:
SBMRMTCMD CMD(&CMD) DDMFILE(xxx)
You could also consider logging the command to the audit journal such
SNDAUDE ID(EDTOBJAUT2) ENTDTA(&CMD)
Command parameters *CMD
OBJ The qualified object name to use. The library
defaults to *LIBL.
OBJTYPE The object type. Use the command prompt for a list
You must be authorized to use the grant and revoke functions on the
object named. If you are using SBMRMTCMD, see the discussion of DDM
considerations with the TAA tool CHGUSRPWD.
The *GROUP authorizations cannot be changed using EDTOBJAUT2. A
message will appear stating this and describing that EDTOBJAUT should
The following TAA Tools must be on your system:
CHKNAM Check name
EDTAUTL2 Edit authorization list 2
SNDESCMSG Send escape message
SNDSTSMSG Send status message
None, the tool is ready to use.
Objects used by the tool
Object Type Attribute Src member Src file
------ ---- --------- ---------- ----------
EDTOBJAUT2 *CMD TAASECF QATTCMD
TAASECFD *FILE DSPF TAASECFD QATTDDS
TAASECFC *PGM CLP TAASECFC QATTCL
TAASECFC2 *PGM CLP TAASECFC2 QATTCL
TAASECFC3 *PGM CLP TAASECFC3 QATTCL
TAASECFC5 *PGM CLP TAASECFC5 QATTCL
TAASECFR *PGM RPG TAASECFR QATTRPG
Added to TAA Productivity tools April 1, 1995