LMTDLTSPL2 -- Limit DLTSPLF 2 - More Granular Limiting

LMTDLTSPL2 LIMIT DLTSPLF 2 TAASPLS
The Limit DLTSPLF 2 command provides a more granular solution for limiting DLTSPLF than the LMTDLTSPLF tool. For a simple technique (and better performing solution), see LMTDLTSPLF. ******************************************* * * * CAUTION. If you limit the * * DLTSPLF command, there may be * * system or product functions that * * will fail because they assume that * * PUBLIC has USE authority to these * * commands. In general, you should * * consider restricting only menu * * controlled end users. * * * ***************************************** Note that LMTDLTSPL2 does not control CLROUTQ or the ability to change the OUTQ using CHGSPLFA. LMTDLTSPL2 Data Area -------------------- LMTDLTSPL2 provides the LMTDLTSPL2 data area in TAASECURE which allows you to specify file names such as QPJOBLOG and define the authority required to delete the spooled file. The authority specified can be: JOBCTL is required * SPLCTL is required * ALLOBJ is required * Authorization to a specific authorization list is required. The LMTDLTSPL2 data area is changed using the EDTCONARR TAA command. EDTCONARR DTAARA(TAASECURE/LMTDLTSPL2) Only a user with access to the private library TAASECURE can change the data area. The data area has two entries per file. The left entry is the spooled file name and the right entry is either JOBCTL, SPLCTL, PUBLIC or an authorization list name. If an authorization list is used, the PUBLIC may be given USE authority to allow them to delete the spooled file. A sample data area might look like: SPLF name Control Meaning --------- ------- ------- QPJOBLOG JOBCTL JOBCTL needed to dlt QPJOBLOG PAYROLL SPLCTL SPLCTL needed to dlt PAYROLL INVOICES AUTL1 AUTL1 auth needed to dlt INVOICES PAYABLES AUTL2 AUTL2 auth needed to dlt PAYABLES OTHER JOBCTL Any other file - dlt needs JOBCTL TEST PUBLIC Any file named TEST can be deleted The OTHER entry is used when the spooled file name does not exist in the data area. The OTHER entry may be placed anywhere in the list. It is not searched for until after the specific file name is searched for. If the spooled file name does not exist in the data area and OTHER is not entered, the user will be allowed to delete the spooled file. Each time you make changes to the data area, you should run the LMTDLTSPL2 command. LMTDLTSPL2 Command ------------------ After you enter the required values in the LMTDLTSPL2 data area, you need to run the LMTDLTSPL2 command. Only a user with ALLOBJ special authority may use LMTDLTSPL2. The command has no parameters and would be entered as: LMTDLTSPL2 Running the command performs two functions: * The contents of the LMTDLTSPL2 data area area are checked for valid entries. The spooled file names can only be checked to ensure that a valid name exists. ** The system DLTSPLF command is changed with a validity checking program TAASPLSC2 in TAATOOL. When DLTSPLF is run, the program checks the spooled file name against the values in the LMTDLTSPL2 data area. Each time LMTDLTSPL2 is run, the data area is checked and the DLTSPLF command validity checking program is changed. Controlling CLROUTQ ------------------- The CLROUTQ command is shipped to allow the PUBLIC user to USE authority. If you are going to control DLTSPLF, you should also control CLROUTQ. You may use the LMTDLTSPLF tool with either the command or authorization list solution. Controlling CHGSPLFA -------------------- The CHGSPLFA command is shipped to allow the PUBLIC to change the spooled files that they have created. A user can change the OUTQ parameter of an existing spooled file and cause the file to be printed which causes the spool writer to delete the file (unless SAVE has been specified). If you want to prevent this occurrence, see the LMTDLTSPLF tool. Command parameters CMD ------------------ None. New system release implications ------------------------------- When a new system release is installed, the commands in QSYS are deleted and installed as shipped by the system. Therefore, you should place the LMTDLTSPL2 command in a CL program along with any other changes to QSYS objects and run the program on each release. The LMTDLTSPL2 data area in TAASECURE will not be changed by a new release of the TAA Productivity Tools. Restrictions ------------ Only a user with ALLOBJ special authority may use LMTDLTSPL2. If you have the S/38 environment on your system, you must use the Authorization list method described for LMTDLTSPLF to prevent the use of CNLSPLF and CLROUTQ from the S/38 environment library. Prerequisites ------------- The following TAA Tools must be on your system: CHKALLOBJ Check ALLOBJ special authority CHKNAM Check name CONARR Constant array RTVSPCAUT Retrieve special authority SNDCOMPMSG Send completion message SNDESCMSG Send escape message Implementation -------------- None, the tool is ready to use. Objects used by the tool ------------------------ Object Type Attribute Src member Src file ------ ---- --------- ---------- ---------- LMTDLTSPL2 CMD TAASPLS QATTCMD TAASPLSC PGM CLP TAASPLSC QATTCL TAASPLSC2 PGM CLP TAASPLSC2 QATTCL TAASPLSC3 PGM CLP TAASPLSC3 QATTCL LMTDLTSPL2 *DTAARA The LMTDLTSPL2 data area is in TAASECURE. Structure --------- LMTDLTSPL2 Cmd TAASPLSC CL pgm TAASPLSC2 - DLTSPLF Validity checking program TAASPLSC3 - CL pgm

LMTDLTSPL2      LIMIT DLTSPLF 2                        TAASPLS


The Limit  DLTSPLF  2 command  provides a  more  granular solution  for
limiting  DLTSPLF than  the LMTDLTSPLF  tool.   For a  simple technique
(and better performing solution), see LMTDLTSPLF.

             *******************************************
             *                                         *
             *    CAUTION.  If you limit the           *
             *    DLTSPLF command, there may be        *
             *    system or product functions that     *
             *    will fail because they assume that   *
             *    *PUBLIC has *USE authority to these  *
             *    commands.  In general, you should    *
             *    consider restricting only menu       *
             *    controlled end users.                *
             *                                         *
             *******************************************

Note  that  LMTDLTSPL2  does  not control  CLROUTQ  or  the  ability to
change the OUTQ using CHGSPLFA.

LMTDLTSPL2 Data Area
--------------------

LMTDLTSPL2  provides  the  LMTDLTSPL2  data  area  in  TAASECURE  which
allows  you to  specify  file names  such  as QPJOBLOG  and define  the
authority  required   to  delete  the  spooled  file.    The  authority
specified can be:

  **   *JOBCTL is required

  **   *SPLCTL is required

  **   *ALLOBJ is required

  **   Authorization to a specific authorization list is required.

The LMTDLTSPL2 data  area is changed using  the EDTCONARR TAA  command.

             EDTCONARR     DTAARA(TAASECURE/LMTDLTSPL2)

Only a  user with access  to the  private library TAASECURE  can change
the data area.

The  data  area has  two  entries per  file.   The  left  entry  is the
spooled file  name and  the  right entry  is either  *JOBCTL,  *SPLCTL,
*PUBLIC or  an authorization list  name.  If  an authorization list  is
used, the *PUBLIC  may be given *USE authority  to allow them to delete
the spooled file.

A sample data area might look like:

     SPLF name       Control       Meaning
     ---------       -------       -------

     QPJOBLOG        *JOBCTL       *JOBCTL needed to dlt QPJOBLOG
     PAYROLL         *SPLCTL       *SPLCTL needed to dlt PAYROLL
     INVOICES        AUTL1         AUTL1 auth needed to dlt INVOICES
     PAYABLES        AUTL2         AUTL2 auth needed to dlt PAYABLES
     *OTHER          *JOBCTL       Any other file - dlt needs *JOBCTL
     TEST            *PUBLIC       Any file named TEST can be deleted

The  *OTHER entry is used when the spooled  file name does not exist in
the data area.   The *OTHER entry may  be placed anywhere in  the list.
It is not  searched for until after the specific  file name is searched
for.

If  the spooled file  name does not  exist in the data  area and *OTHER
is not entered, the  user will be allowed  to delete the spooled  file.

Each  time you  make  changes to  the  data area,  you  should run  the
LMTDLTSPL2 command.

LMTDLTSPL2 Command
------------------

After  you enter the required  values in the LMTDLTSPL2  data area, you
need to run the LMTDLTSPL2 command.   Only a user with *ALLOBJ  special
authority  may use  LMTDLTSPL2.   The  command  has no  parameters  and
would be entered as:

         LMTDLTSPL2

Running the command performs two functions:

  **   The contents  of the LMTDLTSPL2  data area area  are checked for
       valid  entries.  The  spooled file names can  only be checked to
       ensure that a valid name exists.

  **   The system DLTSPLF command  is changed with a validity  checking
       program  TAASPLSC2  in  TAATOOL.    When  DLTSPLF  is  run,  the
       program  checks the spooled file name  against the values in the
       LMTDLTSPL2 data area.

Each time LMTDLTSPL2 is run, the  data area is checked and the  DLTSPLF
command validity checking program is changed.

Controlling CLROUTQ
-------------------

The  CLROUTQ command  is  shipped to  allow the  *PUBLIC  user to  *USE
authority.    If you  are going  to  control DLTSPLF,  you  should also
control CLROUTQ.

You  may  use  the   LMTDLTSPLF  tool  with   either  the  command   or
authorization list solution.

Controlling CHGSPLFA
--------------------

The CHGSPLFA  command is  shipped to  allow the *PUBLIC  to change  the
spooled  files that  they have  created.   A user  can change  the OUTQ
parameter  of  an  existing  spooled  file and  cause  the  file  to be
printed which causes the  spool writer to delete the file  (unless SAVE
has been specified).

If you want to prevent this occurrence, see the LMTDLTSPLF tool.

Command parameters                                    *CMD
------------------

None.

New system release implications
-------------------------------

When  a new  system  release is  installed,  the commands  in QSYS  are
deleted and installed as shipped by the system.

Therefore,  you should  place the  LMTDLTSPL2 command  in a  CL program
along with any  other changes to  QSYS objects and  run the program  on
each release.

The LMTDLTSPL2  data area  in TAASECURE will  not be  changed by  a new
release of the TAA Productivity Tools.

Restrictions
------------

Only a user with *ALLOBJ special authority may use LMTDLTSPL2.

If  you have  the S/38  environment on  your system,  you must  use the
Authorization list method described for  LMTDLTSPLF to prevent the  use
of CNLSPLF and CLROUTQ from the S/38 environment library.

Prerequisites
-------------

The following TAA Tools must be on your system:

     CHKALLOBJ       Check *ALLOBJ special authority
     CHKNAM          Check name
     CONARR          Constant array
     RTVSPCAUT       Retrieve special authority
     SNDCOMPMSG      Send completion message
     SNDESCMSG       Send escape message

Implementation
--------------

None, the tool is ready to use.

Objects used by the tool
------------------------

   Object        Type    Attribute      Src member    Src file
   ------        ----    ---------      ----------    ----------

   LMTDLTSPL2    *CMD                   TAASPLS       QATTCMD
   TAASPLSC      *PGM       CLP         TAASPLSC      QATTCL
   TAASPLSC2     *PGM       CLP         TAASPLSC2     QATTCL
   TAASPLSC3     *PGM       CLP         TAASPLSC3     QATTCL
   LMTDLTSPL2    *DTAARA

The LMTDLTSPL2 data area is in TAASECURE.


Structure
---------

LMTDLTSPL2  Cmd
   TAASPLSC   CL pgm

TAASPLSC2 - DLTSPLF Validity checking program
   TAASPLSC3  - CL pgm

Added to TAA Productivity tools May 1, 1996

Home Page

Up to Top