TAA Tools

The Print Non-IBM Objects  command is designed for use  when converting
from one  hardware system to  another.  If  any user objects  have been
accidentally  placed in  system libraries,  they will  be lost  if only
user  libraries  are restored.    PRTNONIBM  can  help  find  any  user
objects that may exist in system libraries.

PRTNONIBM  may also  be  used as  a  security check.    See the  detail

When  a new  release  is installed  on the  same hardware,  the primary
restore technique is  to replace any  existing objects.   Consequently,
if a  user object  existed in  a system library,  it would  still exist
after the new release is installed.

However,  when new hardware  is acquired, the  user may not  be able to
follow the recommended  install process of  installing the new  release
on  the old  hardware  and then  doing  a scratch  install  on the  new
hardware.   If the  user objects  must be  saved from the  old hardware
and  restored  on the  new  hardware, there  is  an exposure  to losing

The system  provides  a solution  for typical  object  types that  must
exist  in  QSYS  such  as  security  and  configuration  objects.    No
solution is provided for other object types which are not expected.

PRTNONIBM  is designed to produce  a list of objects  that may not have
been created by the system and should be reviewed.

You must have *ALLOBJ special authority to use PRTNONIBM.

A typical command would be:


The following occurs:

  **   The command defaults  to run over  all libraries beginning  with
       the letter Q.

  **   Objects that are  intended to be owned by users  such as *USRPRF
       and *LIND are omitted.

  **   Any objects  that were created by a  user profile beginning with
       *IBM  are   implicitly  omitted.      The  'created   by   *IBM'
       information only  exists  for objects  that are  on the  install
       tape and  used in a  simple restore function.   Many objects are
       created  during the  install process  and the  'created by user'
       may be any one of several user profiles.

       By  default, any  objects  that  were  created  by  the  typical
       system  install profiles  of QLPINSTALL,  QLPAUTO, and  QSYS are

  **   The  remaining objects will  be listed.  Within  the list, there
       will still  be system  objects, but  the list  will probably  be
       small enough for you to manually review.

PRTNONIBM escape messages you can monitor for

      TAA9895    No objects exist in the library.

Escape messages from based on functions will be re-sent.

Using PRTNONIBM as a Security Review

When  an object  is created,  the user  profile name  that created  the
object  is placed  in  the object  description portion  of  the object.
The same user  profile name normally  becomes the owner  of the  object
(the owner is kept as a separate value).

The owner  of an object  may be changed  by the command  CHGOBJOWN, but
no  external  function (command  or  API)  can  change the  information
about who initially created the object.

System  objects are predominantly  shipped with a  'created by user' of
*IBM.  PRTNONIBM bypasses these objects implicitly.

The  typical profile  names  that are  used  by  the system  to  create
objects  at  installation  time  (QLPINSTALL, QLPAUTO,  and  QSYS)  are
shipped  as  PASSWORD(*NONE)  meaning  they  may  not  be  signed  onto
interactively.   It  is  not  possible to  use  external  functions  to
submit  a  job  with  these  names (they  are  prevented  in  the  USER
parameter of SBMJOB and when creating a Job Description).

It is  possible to use CHGOBJOWN  to change the ownership  of an object
to one of these profiles.

Therefore, if only  external functions  (commands and  APIs) are  being
used on  your  system, PRTNONIBM  will produce  a listing  that may  be
reviewed from  a security viewpoint.  You  may also consider specifying
OMTINSPRF(*NO) to further review certain objects.

There  is no  known method  of determining  whether the objects  in the
listing are  really system objects.   You  can only look  at the  names
and  the  other  information  on   the  listing  to  help  you  make  a
determination.    *PGM objects  that  exist in  a Q  library  should be

Command parameters                                    *CMD

   LIB           The name  or  generic  name  of the  libraries  to  be
                 accessed.    The  default  is   Q*  to  run  over  all
                 libraries beginning with the letter Q.

   OMTINSPRF     Whether   to   omit  any   objects   created   by  the
                 QLPINSTALL, QLPAUTO,  and  QSYS user  profiles.    The
                 default  is *YES.    These  are typical  user  profile
                 names  that  are used  during  the  install to  create

                 *NO  may be  specified to  include objects  created by
                 these  profiles.   Specifying  *NO  may  assist  in  a
                 Security review.  See the tool documentation.


You must have *ALLOBJ special authority to use PRTNONIBM.

Using  the  defaults  will  produce   a  list  that  must  manually  be


The following TAA Tools must be on your system:

     CHKALLOBJ       Check all object special authority
     CHKGENERC       Check generic
     EDTVAR          Edit variable
     RTVOBJLST       Retrieve object list
     RTVSYSVAL3      Retrieve system value 3
     SNDCOMPMSG      Send completion message
     SNDESCMSG       Send escape message
     SNDSTSMSG       Send status message


None, the tool is ready to use.

Objects used by the tool

   Object        Type    Attribute      Src member    Src file
   ------        ----    ---------      ----------    ----------

   PRTNONIBM     *CMD                   TAASYTC       QATTCMD
   TAASYTCC      *PGM       CLP         TAASYTCC      QATTCL
   TAASYTCR      *PGM       RPG         TAASYTCR      QATTRPG

Added to TAA Productivity tools May 1, 2000

Home Page Up to Top