TAA Tools
RSTANYLIB        RESTORE ANY LIBRARY        TAARSTB

The RSTANYLIB  command is  designed for  those cases  where the  system
operator  must restore  a  library that  has programs  which  adopt the
owner's  authority.  This  is typical of  a disaster recovery situation
where all libraries must be restored.

To prevent security exposures,  the system determines who is  doing the
restore  and will make  any programs  private AUT(*EXCLUDE)  that adopt
authority  and are  being restored by  a user  other than  the owner or
the security officer.

To  avoid losing  authority  when  these  programs  are  restored,  the
RSTANYLIB  command may  be  used.   The  user of  the  command must  be
authorized  to  the TAARSTANYL  authorization list.    RSTANYLIB allows
the system  operator to  perform the  task without  requiring that  the
operator be signed  on as the  Security Officer.  RSTANYLIB  adopts the
authority of the Security Officer for the duration of the command.

Note that  there is a  security exposure when  a user is  authorized to
RSTANYLIB.    This would  allow the  user to  restore a  simple program
that adopts  the  Security Officers  profile and  act  as the  Security
Officer.   You must limit the  use of RSTANYLIB to  trusted individuals
or  revoke their authority  to the TAARSTANYL  authorization list after
they have performed the required function.

The command has no parameters.  It is entered as:

      RSTANYLIB

The operator  receives  the  prompt  for the  RSTLIB  command  and  can
operate as  the Security  Officer during  the execution  of the  RSTLIB
command.

Command parameters                                    *CMD
------------------

The command has no parameters.

Security considerations
-----------------------

You must have Security Officer rights to create RSTANYLIB.

The  user  of   the  command  must  be  authorized  to  the  TAARSTANYL
authorization list.  See  the previous comments  about the exposure  of
authorizing a user to the authorization list.

Restrictions
------------

None.

Prerequisites
-------------

None.

Implementation
--------------

The  tool is  ready  to use,  but  a user  must  be authorized  to  the
TAARSTANYL authorization list.

Use either EDTAUTL or the following command:

      ADDAUTLE   AUTL(TAARSTANYL) USER(xxxx) AUT(*USE)

Objects used by the tool
------------------------

   Object        Type       Attribute      Src member     Src file
   ------        -----      ---------      ----------     -----------

   RSTANYLIB     *CMD                      TAARSTB        QATTCMD
   TAARSTBC      *PGM          CLP         TAARSTBC       QATTCL
					

Added to TAA Productivity tools April 1, 1995


Home Page Up to Top