GRTUSGAUT -- Grant User Group Authority

GRTUSGAUT GRANT USER GROUP AUTHORITY TAASEDN
The Grant User Group Authority command allows you to grant authorities by specifying a User Group as created by the USRGRP tool. A typical command would be: GRTUSGAUT USG(xxx) OBJ(yyy) OBJTYPE(zzz) AUT(USE) This would grant USE authority to the object specified for all users of the named user group. Any existing users of the object would retain their authority. A spooled file is created with the users who were granted authority. Low level messages will also exist for the individual objects. As with the system command GRTOBJAUT, if a user already has a higher authority (such as CHANGE) and a lower authority is granted (such as USE), no change actually occurs. An option exists on the command to first revoke all of the existing users that are authorized. For example, assume you want the authorized users to match the list of users as specified in the user group. GRTUSGAUT USG(xxx) OBJ(yyy) OBJTYPE(zzz) + AUT(USE) RVKAUTUSR(YES) When RVKAUTUSR(YES) is specified: * The owner of the object (unless he is part of the User Group) would retain his authority. ** The PUBLIC user retains its authority. * All other users are revoked ** All users of the User Group are added. As with GRTOBJAUT, you may specify a generic name for the object or all objects. You may also specify an object type or all object types. The companion command is RVKUSGAUT. A typical command would be: RVKUSGAUT USG(xxx) OBJ(yyy) OBJTYPE(zzz) This would remove all authority from all users of the current user group from the specified object. Note that any other users that are authorized to the object (including the owner and PUBLIC) remain the same. A spooled file is created with the users who had authority revoked. Low level messages will also exist for the individual objects. If the owner of the object is part of the user group, the owner would be revoked (the owner can grant back any authorization). As with RVKOBJAUT, if you revoke a lesser authority (such as USE) and the user has a greater authority (such as CHANGE), some authority remains. Because of this, the default for RVKUSGAUT is AUT(ALL). This removes all authorities for each of the users of the User Group. If you use GRTUSGAUT to grant authority, remove a user from the user group, and then use RVKUSGAUT, the user who was removed retains authority. RVKUSGAUT only operates on the current list of users in the group. GRTUSGAUT command parameters CMD ---------------------------- USG The user group to be granted to. OBJ The qualified object name of the object. A generic name may be used or the special value ALL for all objects. The library qualifier defaults to LIBL. CURLIB, ALL, ALLUSR, or USRLIBL may be specified. OBJTYPE The object type. The standard object types are supported. AUT The authority to grant. The default is CHANGE. The same values as exist on GRTOBJAUT are valid such as USE, CHANGE, OBJMGT, and READ. RVKAUTUSR Whether to revoke the existing authorized users. The default is NO. If YES is specified, the owner (unless he is in the User Group) and PUBLIC retain their current authority. Any other users are revoked (they would have no authority). Then the authority specified by the AUTHORITY parameter is granted to the users of the group. USGLIB The library where the USRGRPx files exist. LIBL is the default. CURLIB may be specified. RVKUSGAUT command parameters CMD ---------------------------- USG The user group to have its authority revoked. If the owner of the object is part of the User Group, he will have the specified authorizations revoked (the owner can grant back any authorization). OBJ The qualified object name of the object. A generic name may be used or the special value ALL for all objects. The library qualifier defaults to LIBL. CURLIB, ALL, ALLUSR, or USRLIBL may be specified. OBJTYPE The object type. The standard object types are supported. AUT The authority to be revoked. The default is ALL. This is a change from the system command RVKOBJAUT. The same values as exist on RVKOBJAUT are valid such as USE, CHANGE, OBJMGT, and READ. USGLIB The library where the USRGRPx files exist. LIBL is the default. CURLIB may be specified. Restrictions ------------ The tool uses the GRT/RVKOBJAUT system commands which require that the user be appropriately authorized to the objects. Prerequisites ------------- The following TAA Tools must be on your system: CHKGENERC Check generic EDTVAR Edit variable EXTLST Extract list PRINT Print RTVPUBAUT Retrieve public authority RTVUSG Retrieve user group (USRGRP tool) SNDCOMPMSG Send completion message SNDESCMSG Send escape message SNDSTSMSG Send status message Implementation -------------- The tool is ready to use, but you you must have a User Group defined as specified by the User Group tool. Objects used by the tool ------------------------ Object Type Attribute Src member Src file ------ ---- --------- ---------- ---------- GRTUSGAUT CMD TAASEDN QATTCMD RVKUSGAUT CMD TAASEDN2 QATTCMD TAASEDNC PGM CLP TAASEDNC QATTCL TAASEDNC2 PGM CLP TAASEDNC2 QATTCL TAASEDNC9 PGM CLP TAASEDNC9 QATTCL Structure --------- GRTUSGAUT Cmd TAASEDNC CL pgm TAASEDNC9 CL Pgm RVKUSGAUT Cmd TAASEDNC2 CL pgm

GRTUSGAUT       GRANT USER GROUP AUTHORITY             TAASEDN


The  Grant   User  Group   Authority  command   allows  you  to   grant
authorities by  specifying a User Group as created  by the USRGRP tool.

A typical command would be:

             GRTUSGAUT    USG(xxx) OBJ(yyy) OBJTYPE(*zzz) AUT(*USE)

This  would grant *USE authority to  the object specified for all users
of the  named user  group.   Any  existing users  of  the object  would
retain their authority.

A spooled  file is created with  the users who  were granted authority.
Low level messages will also exist for the individual objects.

As  with the system command  GRTOBJAUT, if a user  already has a higher
authority (such as *CHANGE) and  a lower authority is granted (such  as
*USE), no change actually occurs.

An option  exists on the  command to first  revoke all of  the existing
users  that  are   authorized.    For  example,  assume  you  want  the
authorized users to match  the list of users  as specified in the  user
group.

             GRTUSGAUT    USG(xxx) OBJ(yyy) OBJTYPE(*zzz) +
                            AUT(*USE) RVKAUTUSR(*YES)

When RVKAUTUSR(*YES) is specified:

  **   The owner of  the object (unless he  is part of the  User Group)
       would retain his authority.

  **   The *PUBLIC user retains its authority.

  **   All other users are revoked

  **   All users of the User Group are added.

As with  GRTOBJAUT, you may  specify a generic  name for the  object or
all  objects.   You  may  also specify  an  object type  or  all object
types.

The companion command is RVKUSGAUT.  A typical command would be:

             RVKUSGAUT    USG(xxx) OBJ(yyy) OBJTYPE(*zzz)

This would  remove all  authority from all  users of  the current  user
group from  the specified object.   Note that any other  users that are
authorized  to the object (including the  owner and *PUBLIC) remain the
same.

A spooled file  is created with  the users who  had authority  revoked.
Low level messages will also exist for the individual objects.

If the owner of  the object is part of the user  group, the owner would
be revoked (the owner can grant back any authorization).

As  with RVKOBJAUT,  if you revoke  a lesser  authority (such  as *USE)
and  the  user  has  a  greater  authority  (such  as  *CHANGE),   some
authority remains.    Because of  this, the  default  for RVKUSGAUT  is
AUT(*ALL).   This removes all authorities for each  of the users of the
User Group.

If  you use GRTUSGAUT to  grant authority, remove a  user from the user
group,  and then  use  RVKUSGAUT,  the  user who  was  removed  retains
authority.   RVKUSGAUT only  operates on the  current list of  users in
the group.

GRTUSGAUT command parameters                          *CMD
----------------------------

   USG           The user group to be granted to.

   OBJ           The  qualified object name  of the object.   A generic
                 name may be  used or  the special value  *ALL for  all
                 objects.

                 The  library qualifier  defaults to  *LIBL.   *CURLIB,
                 *ALL, *ALLUSR, or *USRLIBL may be specified.

   OBJTYPE       The  object  type.    The  standard  object types  are
                 supported.

   AUT           The authority to grant.  The default is *CHANGE.

                 The same values as exist  on GRTOBJAUT are valid  such
                 as *USE, *CHANGE, *OBJMGT, and *READ.

   RVKAUTUSR     Whether  to  revoke  the  existing  authorized  users.
                 The default is *NO.

                 If *YES  is specified, the owner (unless  he is in the
                 User   Group)   and  *PUBLIC   retain   their  current
                 authority.   Any other users  are revoked (they  would
                 have no  authority).  Then the  authority specified by
                 the  AUTHORITY parameter  is granted  to the  users of
                 the group.

   USGLIB        The library where the USRGRPx  files exist.  *LIBL  is
                 the default.  *CURLIB may be specified.

RVKUSGAUT command parameters                          *CMD
----------------------------

   USG           The  user group  to have  its authority  revoked.   If
                 the  owner of the  object is  part of the  User Group,
                 he will  have  the  specified  authorizations  revoked
                 (the owner can grant back any authorization).

   OBJ           The qualified  object name of  the object.   A generic
                 name  may be used  or the  special value *ALL  for all
                 objects.

                 The  library  qualifier defaults  to *LIBL.   *CURLIB,
                 *ALL, *ALLUSR, or *USRLIBL may be specified.

   OBJTYPE       The  object type.    The  standard  object  types  are
                 supported.

   AUT           The  authority to be  revoked.   The default  is *ALL.
                 This  is a change  from the  system command RVKOBJAUT.

                 The same values as exist  on RVKOBJAUT are valid  such
                 as *USE, *CHANGE, OBJMGT, and *READ.

   USGLIB        The library where  the USRGRPx files exist.   *LIBL is
                 the default.  *CURLIB may be specified.

Restrictions
------------

The  tool uses  the GRT/RVKOBJAUT  system  commands which  require that
the user be appropriately authorized to the objects.

Prerequisites
-------------

The following TAA Tools must be on your system:

     CHKGENERC       Check generic
     EDTVAR          Edit variable
     EXTLST          Extract list
     PRINT           Print
     RTVPUBAUT       Retrieve public authority
     RTVUSG          Retrieve user group (USRGRP tool)
     SNDCOMPMSG      Send completion message
     SNDESCMSG       Send escape message
     SNDSTSMSG       Send status message

Implementation
--------------

The tool is ready to  use, but you you must  have a User Group  defined
as specified by the User Group tool.

Objects used by the tool
------------------------

   Object        Type    Attribute      Src member    Src file
   ------        ----    ---------      ----------    ----------

   GRTUSGAUT     *CMD                   TAASEDN       QATTCMD
   RVKUSGAUT     *CMD                   TAASEDN2      QATTCMD
   TAASEDNC      *PGM       CLP         TAASEDNC      QATTCL
   TAASEDNC2     *PGM       CLP         TAASEDNC2     QATTCL
   TAASEDNC9     *PGM       CLP         TAASEDNC9     QATTCL

Structure
---------

GRTUSGAUT   Cmd
   TAASEDNC   CL pgm
     TAASEDNC9  CL Pgm

RVKUSGAUT   Cmd
   TAASEDNC2  CL pgm

Added to TAA Productivity tools May 1, 1996

Home Page

Up to Top