GRTAUTMSGQ -- Grant Authority to Message Queue

GRTAUTMSGQ GRANT AUTHORITY TO MESSAGE QUEUE TAAMSIS
The Grant Authority to Message Queue command is intended to prevent the PUBLIC user from displaying and answering messages in a message queue such as QSYSOPR. The command sets the PUBLIC authority to allow sending of messages, but prevents the use of DSPMSG to the message queue. A named user may be specified who will be able to both send messages and use DSPMSG. If a user is authorized to display a message queue, he may respond to any inquiry messages. A user may not delete a message unless he is authorized to the delete data right. System shipped defaults ----------------------- The system defaults the authority to the QSYSOPR message queue to allow the PUBLIC user to be able to display and answer messages (deletion of messages is not authorized). Even if the user is menu controlled, the use of System Request option 6 still allows access to the QSYSOPR message queue. If the user is authorized to use DSPMSG for a message queue, there is no option that will prevent him from answering a message. The PUBLIC user is shipped with the rights of OBJOPR, READ, ADD, and EXECUTE. It is the READ right that allows DSPMSG to be used. The system ships the QSYSOPR message queue to allow several users such as QPGMR and QSYSOPR to be able to display, answer, and delete messages. To delete a message the DLT right must be granted. Intent of GRTAUTMSGQ -------------------- The intent of GRTAUTMSGQ is to prevent the PUBLIC user from being able to display a message queue such as QSYSOPR and answering a message he may not fully understand. In most environments, the typical end user should not be confronted with the QSYSOPR message queue and should not be answering messages. GRTAUTMSGQ also allows you to name a user who should be able to display the message queue and answer messages. An option exists to determine if the named user should be able to delete any messages. The PUBLIC user and the named user may send messages to the message queue. Typical GRTAUTMSGQ command -------------------------- You must have all rights to the message queue to be able to use GRTAUTMSGQ. A typical command would be: GRTAUTMSGQ USRPRF(xxx) MSGQ(QSYSOPR) DLTMSG(NO) The following would occur: * If the PUBLIC user is not currently authorized to 'send messages only', the authorization would be changed. * The named user would be authorized to be able to send messages and use DSPMSG, but not be able to delete any messages. You may use GRTAUTMSGQ for each user who should be able to use DSPMSG and individually determine if deletion of messages should be allowed. System Request Option 6 ----------------------- If the PUBLIC user is not authorized to DSPMSG for QSYSOPR, entering System Request Option 6 will produce an error message on the System Request display. QCFGMSGQ -------- The QCFGMSGQ is also shipped with the same authority as QSYSOPR. Printer/writer inquiry messages may be sent to QCFGMSGQ. Recovery -------- To reset the PUBLIC user back to the shipped default, enter GRTAUTMSGQ USRPRF(PUBLIC) MSGQ(QSYSOPR) DLTMSG(NO) GRTAUTMSGQ escape messages you can monitor for ---------------------------------------------- None. Escape messages from based on functions will be re-sent. Command parameters CMD ------------------ USRPRF The user profile that will be authorized to use DSPMSG to the message queue. The user will also be authorized to send messages to the message queue. MSGQ The qualified name of the message queue. The library value defaults to LIBL. CURLIB may also be used. Unless USRPRF(PUBLIC) is specified, the PUBLIC authorization to the message queue will be set (if not already set) so that sending of messages is valid, but the use of DSPMSG is not. To reset the PUBLIC user back to the shipped default, enter GRTAUTMSGQ USRPRF(PUBLIC) MSGQ(QSYSOPR) DLTMSG(NO) DLTMSG A YES/NO option for whether the named user profile will be able to delete messages in the message queue. NO is the default to prevent deletion of messages. YES may be specified to allow the deletion of messages. Restrictions ------------ You must have all rights to the message queue to be able to use GRTAUTMSGQ. Prerequisites ------------- The following TAA Tools must be on your system: RTVOBJAUT2 Retrieve object authority 2 SNDCOMPMSG Send completion message SNDESCINF Send escape information SNDESCMSG Send escape message Implementation -------------- None, the tool is ready to use. Objects used by the tool ------------------------ Object Type Attribute Src member Src file ------ ---- --------- ---------- ---------- GRTAUTMSGQ CMD TAAMSIS QATTCMD TAAMSISC PGM CLP TAAMSISC QATTCL

GRTAUTMSGQ      GRANT AUTHORITY TO MESSAGE QUEUE       TAAMSIS


The Grant  Authority to Message  Queue command  is intended to  prevent
the *PUBLIC  user from displaying  and answering messages  in a message
queue  such  as QSYSOPR.   The  command sets  the *PUBLIC  authority to
allow sending  of  messages, but  prevents  the use  of DSPMSG  to  the
message  queue.  A  named user  may be  specified who  will be  able to
both send messages and use DSPMSG.

If a  user is authorized to display a  message queue, he may respond to
any inquiry messages.   A user may  not delete a  message unless he  is
authorized to the delete data right.

System shipped defaults
-----------------------

The  system defaults  the authority  to  the QSYSOPR  message queue  to
allow  the  *PUBLIC user  to be  able  to display  and  answer messages
(deletion of messages  is not authorized).   Even if the  user is  menu
controlled, the use of  System Request option 6 still  allows access to
the QSYSOPR message queue.

If the user  is authorized to use DSPMSG for  a message queue, there is
no option that will prevent him from answering a message.

The  *PUBLIC user is  shipped with the rights  of *OBJOPR, *READ, *ADD,
and *EXECUTE.  It is the *READ right that allows DSPMSG to be used.

The system  ships  the QSYSOPR  message queue  to  allow several  users
such as  QPGMR and QSYSOPR  to be able  to display, answer,  and delete
messages.  To delete a message the *DLT right must be granted.

Intent of GRTAUTMSGQ
--------------------

The  intent of  GRTAUTMSGQ is  to prevent the  *PUBLIC user  from being
able to  display  a  message queue  such  as QSYSOPR  and  answering  a
message  he  may not  fully  understand.    In most  environments,  the
typical  end user  should not  be confronted  with the  QSYSOPR message
queue and should not be answering messages.

GRTAUTMSGQ also  allows  you to  name  a user  who  should be  able  to
display the  message queue and  answer messages.   An option exists  to
determine if the named user should be able to delete any messages.

The *PUBLIC  user and the named  user may send messages  to the message
queue.

Typical GRTAUTMSGQ command
--------------------------

You  must  have all  rights  to the  message queue  to  be able  to use
GRTAUTMSGQ.

A typical command would be:

             GRTAUTMSGQ    USRPRF(xxx) MSGQ(QSYSOPR) DLTMSG(*NO)

The following would occur:

  **   If  the *PUBLIC  user  is  not  currently  authorized  to  'send
       messages only', the authorization would be changed.

  **   The named user  would be authorized to be  able to send messages
       and use DSPMSG, but not be able to delete any messages.

You may  use GRTAUTMSGQ for each user who  should be able to use DSPMSG
and individually determine if deletion  of messages should be  allowed.

System Request Option 6
-----------------------

If the *PUBLIC  user is not authorized to DSPMSG  for QSYSOPR, entering
System  Request Option 6  will produce an  error message on  the System
Request display.

QCFGMSGQ
--------

The QCFGMSGQ  is  also shipped  with  the same  authority  as  QSYSOPR.
Printer/writer inquiry messages may be sent to QCFGMSGQ.

Recovery
--------

To reset the *PUBLIC user back to the shipped default, enter

                     GRTAUTMSGQ    USRPRF(*PUBLIC) MSGQ(QSYSOPR)
                                     DLTMSG(*NO)

GRTAUTMSGQ escape messages you can monitor for
----------------------------------------------

None.  Escape messages from based on functions will be re-sent.

Command parameters                                    *CMD
------------------

   USRPRF        The  user  profile  that will  be  authorized  to  use
                 DSPMSG to  the message queue.   The user  will also be
                 authorized to send messages to the message queue.

   MSGQ          The   qualified  name  of  the  message  queue.    The
                 library value  defaults to  *LIBL.   *CURLIB may  also
                 be used.

                 Unless  USRPRF(*PUBLIC)  is   specified,  the  *PUBLIC
                 authorization  to the  message queue  will be  set (if
                 not already  set)  so  that  sending  of  messages  is
                 valid, but the use of DSPMSG is not.

                 To  reset  the  *PUBLIC  user   back  to  the  shipped
                 default, enter

                    GRTAUTMSGQ    USRPRF(*PUBLIC) MSGQ(QSYSOPR)
                                    DLTMSG(*NO)

   DLTMSG        A *YES/*NO  option for whether the  named user profile
                 will  be  able  to  delete  messages  in  the  message
                 queue.

                 *NO is  the default to  prevent deletion  of messages.

                 *YES  may  be  specified  to  allow  the  deletion  of
                 messages.

Restrictions
------------

You  must  have all  rights  to the  message queue  to  be able  to use
GRTAUTMSGQ.

Prerequisites
-------------

The following TAA Tools must be on your system:

     RTVOBJAUT2      Retrieve object authority 2
     SNDCOMPMSG      Send completion message
     SNDESCINF       Send escape information
     SNDESCMSG       Send escape message

Implementation
--------------

None, the tool is ready to use.

Objects used by the tool
------------------------

   Object        Type    Attribute      Src member    Src file
   ------        ----    ---------      ----------    ----------

   GRTAUTMSGQ    *CMD                   TAAMSIS       QATTCMD
   TAAMSISC      *PGM       CLP         TAAMSISC      QATTCL

Added to TAA Productivity tools June 1, 2005

Home Page

Up to Top