The Print Non-IBM Objects command is designed for use when converting
from one hardware system to another. If any user objects have been
accidentally placed in system libraries, they will be lost if only
user libraries are restored. PRTNONIBM can help find any user
objects that may exist in system libraries.
PRTNONIBM may also be used as a security check. See the detailed
discussion under 'Using PRTNONIBM as a Security Review'.
When a new release is installed on the same hardware, the primary
restore technique is to replace any existing objects. Consequently,
if a user object existed in a system library, it would still exist
after the new release is installed.
However, when new hardware is acquired, the user may not be able to
follow the recommended install process of installing the new release
on the old hardware and then doing a scratch install on the new
hardware. If the user objects must be saved from the old hardware
and restored on the new hardware, there is an exposure to losing
objects.
The system provides a solution for typical object types that must
exist in QSYS such as security and configuration objects. No
solution is provided for other object types which are not expected.
PRTNONIBM is designed to produce a list of objects that may not have
been created by the system and should be reviewed.
You must have *ALLOBJ special authority to use PRTNONIBM.
A typical command would be:
     PRTNONIBM
The following occurs:
  ** The command defaults to run over all libraries beginning with
     the letter Q.
  ** Objects that are intended to be owned by users such as *USRPRF
     and *LIND are omitted.
  ** Any objects that were created by a user profile beginning with
     *IBM are implicitly omitted. The 'created by *IBM'
     information only exists for objects that are on the install
     tape and used in a simple restore function. Many objects are
     created during the install process and the 'created by user'
     may be any one of several user profiles.
     By default, any objects that were created by the typical
     system install profiles of QLPINSTALL, QLPAUTO, and QSYS are
     omitted.
  ** The remaining objects will be listed. Within the list, there
     will still be system objects, but the list will probably be
     small enough for you to manually review.
PRTNONIBM escape messages you can monitor for
---------------------------------------------
     TAA9895    No objects exist in the library.
Escape messages from the functions this tool is based on will be
re-sent.
Using PRTNONIBM as a Security Review
------------------------------------
When an object is created, the user profile name that created the
object is placed in the object description portion of the object.
The same user profile name normally becomes the owner of the object
(the owner is kept as a separate value).
The owner of an object may be changed by the command CHGOBJOWN, but
no external function (command or API) can change the information
about who initially created the object.
System objects are predominantly shipped with a 'created by user' of
*IBM. PRTNONIBM bypasses these objects implicitly.
The typical profile names that are used by the system to create
objects at installation time (QLPINSTALL, QLPAUTO, and QSYS) are
shipped with PASSWORD(*NONE), meaning they cannot be used to sign on
interactively. It is not possible to use external functions to
submit a job with these names (they are prevented in the USER
parameter of SBMJOB and when creating a Job Description).
It is possible to use CHGOBJOWN to change the ownership of an object
to one of these profiles.
Therefore, if only external functions (commands and APIs) are being
used on your system, PRTNONIBM will produce a listing that may be
reviewed from a security viewpoint. You may also consider specifying
OMTINSPRF(*NO) to further review certain objects.
There is no known method of determining whether the objects in the
listing are really system objects. You can only look at the names
and the other information on the listing to help you make a
determination. *PGM objects that exist in a Q library should be
considered.
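The omission rules described above, applied to an object list as an added example (this is not part of TAA Tools and not the tool's own code). It assumes the DSPOBJD outfile fields for library, object, type, owner and created-by user (ODLBNM, ODOBNM, ODOBTP, ODOBOW, ODCRTU) have been exported to CSV; the sample rows and function names are constructed for illustration.

```python
import csv
import io
from fnmatch import fnmatchcase

INSTALL_PROFILES = {"QLPINSTALL", "QLPAUTO", "QSYS"}
# The page names only these two user-owned types as examples; the
# tool's full list of omitted types is not given, so this is an assumption.
OMITTED_TYPES = {"*USRPRF", "*LIND"}

# Constructed sample rows, not real system output.
SAMPLE_CSV = """ODLBNM,ODOBNM,ODOBTP,ODOBOW,ODCRTU
QSYS,QCMD,*PGM,QSYS,*IBM
QSYS,JSMITH,*USRPRF,JSMITH,QSECOFR
QSYS,QZUTIL,*PGM,QSYS,JSMITH
QGPL,QPRINT,*OUTQ,QSYS,QLPINSTALL
QGPL,ORDERS,*FILE,APPOWNER,APPOWNER
QUSRSYS,QSETUP,*DTAARA,QSYS,QSYS
APPLIB,ORDPGM,*PGM,APPOWNER,APPOWNER
"""

def load(text):
    return list(csv.DictReader(io.StringIO(text)))

def review_list(rows, lib="Q*", omit_install_profiles=True):
    """Return the rows left for manual review (LIB and OMTINSPRF analogues)."""
    kept = []
    for r in rows:
        if not fnmatchcase(r["ODLBNM"], lib):
            continue                      # outside the generic library name
        if r["ODOBTP"] in OMITTED_TYPES:
            continue                      # types meant to be user-owned
        creator = r["ODCRTU"]
        if creator.startswith("*IBM"):
            continue                      # shipped on the install media
        if omit_install_profiles and creator in INSTALL_PROFILES:
            continue                      # created during the install
        # The owner (ODOBOW) is deliberately ignored: CHGOBJOWN can set it
        # to an install profile, but the created-by value cannot be changed.
        kept.append(r)
    # *PGM objects in a Q library are listed first for review.
    return sorted(kept, key=lambda r: (r["ODOBTP"] != "*PGM", r["ODLBNM"], r["ODOBNM"]))

def names(rows):
    return [f'{r["ODLBNM"]}/{r["ODOBNM"]}' for r in rows]

if __name__ == "__main__":
    for r in review_list(load(SAMPLE_CSV)):
        print(r["ODLBNM"], r["ODOBNM"], r["ODOBTP"], "owner", r["ODOBOW"], "created by", r["ODCRTU"])
```

In the sample, QSYS/QZUTIL is owned by QSYS but was created by JSMITH, so it stays on the list; filtering on owner instead of created-by user would have hidden it.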
Command parameters *CMD
------------------
   LIB           The name or generic name of the libraries to be
                 accessed. The default is Q* to run over all
                 libraries beginning with the letter Q.
   OMTINSPRF     Whether to omit any objects created by the
                 QLPINSTALL, QLPAUTO, and QSYS user profiles. The
                 default is *YES. These are typical user profile
                 names that are used during the install to create
                 objects.
                 *NO may be specified to include objects created by
                 these profiles. Specifying *NO may assist in a
                 security review. See the tool documentation.
Restrictions
------------
You must have *ALLOBJ special authority to use PRTNONIBM.
Using the defaults will produce a list that must manually be
reviewed.
Prerequisites
-------------
The following TAA Tools must be on your system:
     CHKALLOBJ       Check all object special authority
     CHKGENERC       Check generic
     EDTVAR          Edit variable
     RTVOBJLST       Retrieve object list
     RTVSYSVAL3      Retrieve system value 3
     SNDCOMPMSG      Send completion message
     SNDESCMSG       Send escape message
     SNDSTSMSG       Send status message
Implementation
--------------
None, the tool is ready to use.
Objects used by the tool
------------------------
   Object        Type    Attribute      Src member    Src file
   ------        ----    ---------      ----------    ----------
   PRTNONIBM     *CMD                   TAASYTC       QATTCMD
   TAASYTCC      *PGM       CLP         TAASYTCC      QATTCL
   TAASYTCR      *PGM       RPG         TAASYTCR      QATTRPG