TAA Tools

The  Print Program  Security  command provides  a  good review  of  the
security aspects  of a program.   It extracts  information from various
sources,  points  out  considerations  (if  appropriate),  and provides
helpful hints to tighten up security.

To secure  a program  is  not as  easy as  it looks.    There are  many
different things to consider.  PRTPGMSEC brings them together.

A typical command would be entered as:

          PRTPGMSEC   PGM(xxx)

Spooled output would be provided that includes such things as:

  **   The  basic information  about the  program (e.g.    type, owner,
       create and change dates).

  **   Whether the program has been changed since it was created.

  **   Usage information about the program.

  **   If  it is  a CL  program, the  status of  the LOG  and ALWRTVSRC

  **   Whether the  source  file and  member  that  were used  for  the
       create still exist.

  **   Does  the  *PUBLIC have  'change'  or  'read' authority  to  the
       source file.

  **   If  the  member exists  and it  is  a CL  program,  whether user
       written commands exist (based on the CHK400CMD TAA Tool).

  **   If the member  exists, the last  source change date  per SEU  is
       compared against the same  information stored in the object.   A
       determination is  made if the source has  been changed since the
       program was created.

  **   The special authorities of the program owner.

  **   Whether the owner is a group profile.

  **   Whether  the owner is  a member of  a group and  if so, the name
       of the group  profile and the  special authorities of the  group

  **   Whether the program adopts the users profile.

  **   Whether  the program  allows a  program higher  in the  stack to
       pass on an adopted profile's authority.

  **   The authority to the program.

  **   If  an authorization  list  is used,  the name  of the  list and
       where the public  gains its  authorization from  (the object  or
       the authorization  list) is  shown.   If from the  authorization
       list, the authority of the *PUBLIC user is shown.

  **   The last save and restore information about the program.

  **   The  cross  reference information  (files and  programs  used by
       the program).

  **   If the  program adopts  a security  sensitive profile  and  uses
       either QCMD or QCMDEXC, it is specifically highlighted.

  **   If any  libraries exist  before QSYS  on the  system portion  of
       the  library list,  a list  of the  users who  can add  to these
       libraries is shown.

Security   considerations   are   highlighted  by   a   **   for  minor
considerations and ***  for major considerations.   This allows you  to
quickly scan with DSPSPLF for the information.

Helpful  hints   are  provided  to  assist  you   in  providing  better

Command parameters                                    *CMD

   PGM           The  qualified  name  of  the  program.    The library
                 value defaults to *LIBL.


You must  be authorized to  a variety  of objects  to successfully  use
PRTPGMSEC.   The objects include the  program, the owners  profile, the
authorization list, etc.

In  general,  the command  works  best  with a  user  that  has *ALLOBJ
special authority.   No program  adoption occurs  during the  execution
of the program.  System security is used to prevent access.


The following TAA Tools must be on your system:

     ALCTMPMBR    Allocate temporary member
     CHK400CMD    Check i5/OS commands
     CVTSYSLVL    Convert system level
     RTVOBJAUT    Retrieve object authority
     RTVPGMA      Retrieve program attributes
     SNDCOMPMSG   Send completion message
     SNDESCMSG    Send escape message
     SNDSTSMSG    Send status message


None, the tool is ready to use.

Objects used by the tool

   Object        Type    Attribute      Src member    Src file
   ------        ----    ---------      ----------    ----------

   PRTPGMSEC     *CMD                   TAASECS       QATTCMD
   TAASECSC      *PGM       CLP         TAASECSC      QATTCL
   TAASECSC2     *PGM       CLP         TAASECSC2     QATTCL
   TAASECSC3     *PGM       CLP         TAASECSC3     QATTCL
   TAASECSR      *PGM       RPG         TAASECSR      QATTRPG


   TAASECSC   CL pgm
       TAASECSC2  CL pgm
       TAASECSC3  CL pgm

Added to TAA Productivity tools April 1, 1995

Home Page Up to Top