RVKIFSAUT -- Revoke IFS Authority

RVKIFSAUT REVOKE IFS AUTHORITY TAAIFTX
The Revoke IFS Authority command revokes the authorities of a specified user to IFS objects. The default is to 'check' rather than 'revoke'. A listing is produced describing the results. The authority is not revoked if the user is the owner of the object or if the user is the Primary Group Profile. If the user is authorized via an Authorization List, the Authorization List is not changed. You must have ALLOBJ authority to use RVKIFSAUT. Note, that system supports the CHGAUT command and does not have specific GRT and RVK commands for IFS objects. See the later comparison. A typical command would be: RVKIFSAUT USRPRF(xxx) All the individual authorities specified for the user would be checked. A listing would be produced of what would occur if ACTION(CHECK) had been specified. If the user is the owner of the object, an error will be noted as RVKIFSAUT will not revoke authority for the owner. WRKLNK or the TAA CHGIFSOWN command could be used to change those objects to a different owner. If the user is the Primary Group Profile for the object, an error will be noted. Use WRKLNK or CHGPGP to change the Primary Group Profile. Comparing RVKIFSAUT and CHGAUT ------------------------------ The API used by RVKIFSAUT accesses the authorities for the named user. The CHGAUT command is then used to revoke all the authorities for the named user. The system CHGAUT command processes one or more of the objects specified for the OBJ parameter and can change (including both adding and removing) authorities for one or more users. RVKIFSAUT escape messages you can monitor for --------------------------------------------- TAA9891 No individual authorities exist for the user. Escape messages from based on functions will be re-sent. RVKIFSAUT Command parameters CMD ---------------------------- USRPRF The name of the user profile to revoke authorities for. ACTION The action to be performed. CHECK is the default which allows a listing of what would happen if REVOKE had been specified. Any potential errors are flagged. REVOKE also produces a listing and revokes individual authorities. Authorities are not revoked if the user is the owner of the object or the Primary Group Profile. OUTPUT How to output the results. * is the default to display the spooled file if the command is entered interactively. The spooled file is deleted after it is displayed. If the command is entered in batch or PRINT is specified, the spooled file is output and retained. Restrictions ------------ * You must have ALLOBJ authority to use RVKIFSAUT. * See the previous comments about errors being flagged if the user is the owner of the object or the Primary Group Profile. Prerequisites ------------- The following TAA Tools must be on your system: CHKALLOBJ Check ALLOBJ special authority CVTIFSAUT2 Convert IFS authority 2 RSNLSTMSG Resend last message RTVSYSVAL3 Retrieve system value 3 SNDCOMPMSG Send completion message SNDESCINF Send escape information SNDESCMSG Send escape message Implementation -------------- None, the tool is ready to use. Objects used by the tool ------------------------ Object Type Attribute Src member Src file ------ ---- --------- ---------- ---------- RVKIFSAUT CMD TAAIFTX QATTCMD TAAIFTXC PGM CLP TAAIFTXC QATTCL TAAIFTXC2 PGM CLP TAAIFTXC2 QATTCL TAAIFTXR *PGM RPG TAAIFTXR QATTRPG

RVKIFSAUT       REVOKE IFS AUTHORITY                   TAAIFTX


The  Revoke  IFS  Authority  command  revokes   the  authorities  of  a
specified user  to IFS objects.  The default  is to 'check' rather than
'revoke'.    A  listing  is  produced  describing  the  results.    The
authority is not revoked if the  user is the owner of the object  or if
the user is  the Primary Group Profile.  If the  user is authorized via
an Authorization List, the Authorization List is not changed.

You must have *ALLOBJ authority to use RVKIFSAUT.

Note,  that  system  supports  the CHGAUT  command  and  does  not have
specific  GRT and  RVK  commands  for  IFS  objects.    See  the  later
comparison.

A typical command would be:

             RVKIFSAUT  USRPRF(xxx)

All  the  individual  authorities  specified  for  the  user  would  be
checked.    A  listing  would  be  produced  of  what  would  occur  if
ACTION(*CHECK) had been specified.

If the user  is the  owner of  the object, an  error will  be noted  as
RVKIFSAUT will not revoke  authority for the owner.  WRKLNK  or the TAA
CHGIFSOWN  command  could  be   used  to  change  those  objects  to  a
different owner.

If  the user  is the  Primary Group  Profile for  the object,  an error
will be  noted.   Use  WRKLNK or  CHGPGP to  change  the Primary  Group
Profile.

Comparing RVKIFSAUT and CHGAUT
------------------------------

The  API used  by  RVKIFSAUT  accesses the  authorities  for the  named
user.   The CHGAUT command  is then used to  revoke all the authorities
for the named user.

The  system CHGAUT  command  processes  one  or  more  of  the  objects
specified for the  OBJ parameter and can change  (including both adding
and removing) authorities for one or more users.

RVKIFSAUT escape messages you can monitor for
---------------------------------------------

      TAA9891    No individual authorities exist for the user.

Escape messages from based on functions will be re-sent.

RVKIFSAUT Command parameters                          *CMD
----------------------------

   USRPRF        The  name of  the user  profile to  revoke authorities
                 for.

   ACTION        The action to be performed.

                 *CHECK is the default which  allows a listing of  what
                 would  happen if  *REVOKE  had  been specified.    Any
                 potential errors are flagged.

                 *REVOKE   also   produces   a  listing   and   revokes
                 individual  authorities.  Authorities  are not revoked
                 if  the  user is  the  owner  of  the  object  or  the
                 Primary Group Profile.

   OUTPUT        How  to output  the  results.   *  is  the default  to
                 display  the spooled  file if  the command  is entered
                 interactively.  The spooled  file is deleted after  it
                 is displayed.

                 If  the  command is  entered  in  batch or  *PRINT  is
                 specified,  the spooled  file is output  and retained.


Restrictions
------------

  **   You must have *ALLOBJ authority to use RVKIFSAUT.

  **   See the  previous comments  about errors  being flagged  if  the
       user is the  owner of the  object or the Primary  Group Profile.

Prerequisites
-------------

The following TAA Tools must be on your system:

     CHKALLOBJ       Check *ALLOBJ special authority
     CVTIFSAUT2      Convert IFS authority 2
     RSNLSTMSG       Resend last message
     RTVSYSVAL3      Retrieve system value 3
     SNDCOMPMSG      Send completion message
     SNDESCINF       Send escape information
     SNDESCMSG       Send escape message

Implementation
--------------

None, the tool is ready to use.

Objects used by the tool
------------------------

   Object        Type    Attribute      Src member    Src file
   ------        ----    ---------      ----------    ----------

   RVKIFSAUT     *CMD                   TAAIFTX       QATTCMD
   TAAIFTXC      *PGM       CLP         TAAIFTXC      QATTCL
   TAAIFTXC2     *PGM       CLP         TAAIFTXC2     QATTCL
   TAAIFTXR      *PGM       RPG         TAAIFTXR      QATTRPG

Added to TAA Productivity tools April 15, 2010

Home Page

Up to Top