TAA Tools
ADPMBR          ADOPT MEMBER                           TAAMBRJ

The  Adopt Member  tool  provides a  solution  for allowing  end  users
(when  using programs) to  perform the  typical member  functions (add,
remove,   and  clear)  on  files  regardless   of  how  the  files  are
authorized.  Three commands are provided:

          ADDPFMADP    - Same as ADDPFM
          CLRPFMADP    - Same as CLRPFM
          RMVMADP      - Same as RMVM

The commands  all adopt  an owner  who has  *ALLOBJ special  authority.
Each  of the  commands  checks the  specified  file to  ensure that  it
exists in  the ADPMBR data area in TAASECURE.   If the file is defined,
the function  is  performed.   If  the file  does  is not  defined,  an
escape message is issued.

The  Security  Officer defines  which  files  are  valid by  using  the
EDTCONARR TAA Tool command on the ADPMBR data area in TAASECURE.

Normal security of files
------------------------

When  a file  is  created, the  default action  allows a  user  to add,
delete, or change records in an existing member.

However, the default  security does  not allow  a typical  end user  to
add, clear, or  remove a member.   Any of these functions  requires the
*OBJMGT right.

If  the  application requires  the  user  to add,  clear,  or remove  a
member, there are several solutions:

  **   Give  the *OBJMGT right  for each file required  to all users of
       the application

  **   Use a program that adopts authority

  **   Grant *ALLOBJ authority to the users

None  of these  solutions  is  ideal.    The ADPMBR  tool  provides  an
alternative solution which provides several advantages.

ADPMBR Advantages
-----------------

  **   The  file  authorization  does  not  need  to  change  from  the
       default  used on  the Create  command.   This prevents  any user
       from specifying one  of the  3 system  member commands  (ADDPFM,
       CLRPFM, RMVM) unless  he is the owner or  has *ALLOBJ authority.

  **   The  3 commands  provided  by the  tool can  only be  used  in a
       program (they  are arbitrarily  restricted so  that they  cannot
       be  used from  a  command entry  display).   This  prevents  the
       casual use  by an end  user (it is  possible for an  end user to
       directly  call  one the  CPPs provided  if the  proper parameter
       list is passed).

  **   The Security  Officer decides what  files are  valid to be  used
       by the  3 commands provided by the  tool.  The naming  of a file
       can  be done at  any time (the  file does not have  to be closed
       to make an authorization change).

  **   The tool  provides commands  that are  similar to  the 3  system
       commands (all the same parameters and options exist).

Security Officer actions
------------------------

The data area ADPMBR  exists in TAASECURE and is  shipped with a sample
entry.   The  Security  Officer enters  the file  names  (and qualified
library) that are valid to  be used by the  3 commands provided by  the
ADPMBR tool.   The ADPMBR  data area is  maintained with the  EDTCONARR
TAA command (part of the CONARR TAA Tool):

        EDTCONARR    DTAARA(TAASECURE/ADPMBR)

When the  edit display appears, a 20 character  value should be entered
with  the  file name  in  the first  10 bytes  and  the library  in the
second 10 bytes.

Up to 45 files may be entered.

It is  possible  to use  the special  values *LIBL  or  *CURLIB as  the
library qualifier.   In fact, either  function may be helpful  to allow
the  same file  to exist  in different libraries  and be  controlled by
the users library  list.  All 3  of the commands  provided by the  tool
default  the  library  qualifier  to  *LIBL.    Thus  if  ADDPFMADP  is
specified as:

      ADDPFMADP    FILE(FILEX) MBR(MBR1)

ADDPFMADP will search the ADPMBR data area for the file named:

         'FILEX     *LIBL     '

If  the file  is not  defined in the  data area,  an escape  message is
sent.

It is  possible to  enter the  same file  name using  both a  qualified
name and the special  values.  Thus the ADPMBR data  area might contain
values such as:

           'FILEX     *LIBL     '
           'FILEX     *CURLIB   '
           'FILEX     LIB1      '
           'FILEY     LIB2      '

The  only significant requirement  is that the  entry in the  data area
must  match exactly what  is specified on the  commands provided by the
tool.  Note that  you must provide a  library value in the ADPMBR  data
area  (a blank  value will  not allow  any of  the 3  tool  commands to
operate properly).

When  the Security Officer has  defined a file, he  can then inform the
programmers  that  they   may  use  the  3   tool  commands  in   their
application programs for that file.

Example
-------

Assume the  application needs  to allow  end users  to add, remove,  or
clear a  member during a program.  The file  is created with the normal
security defaults  (meaning  the *OBJMGT  right  is restricted  to  the
owner or a user with *ALLOBJ authority).

The Security  Officer uses EDTCONARR  as described previously  to enter
the  file name  into the  ADPMBR  data area  in TAASECURE.    The value
appears as:

           'WRKFILE   *LIBL     '

The  programmers  may now  use  any of  the  3 tool  commands  in their
programs:

         ADDPFMADP    FILE(WRKFILE) MBR(MBRX)
            .
            .
         CLRPFMADP    FILE(WRKFILE) MBR(MBRX)
            .
            .
         RMVMADP      FILE(WRKFILE) MBR(MBRX)

Escape messages you may monitor for
-----------------------------------

The following special TAA messages are provided:

   TAA9896       The file name does not exist in the ADPMBR data area

   TAA9893       The file  name exists  in  the ADPMBR  data area,  but
                 the actual  file cannot be found.   An internal CHKOBJ
                 command is used to determine if the file exists.

   TAA9897       Used  by ADDPFMADP when  the member  already exists in
                 the file.

   TAA9895       Used by  CLRPFMADP and  RMVMADP when  the member  does
                 not exist in the file.

System  escape  messages may  also  occur  such  as  if the  member  is
allocated  and  cannot  be  cleared.    These  are  the  normal  escape
messages sent  by the  system  commands that  will  be resent  to  your
program.

ADDPFMADP Command parameters                          *CMD
----------------------------

   FILE          The qualified file  name.  The library  value defaults
                 to *LIBL.  *CURLIB may also be specified.

   MBR           The member to be added.

   TEXT          The member  text to be  used.  The  default is *BLANK.

   EXPDATE       The member expiration date.  The default is *NONE.

   SHARE         Whether  the open  data path  is to  be opened shared.
                 This is a *YES/*NO value that defaults to *NO.

   SRCTYPE       The  source type  if  a  source  file is  used.    The
                 default is *NONE.

CLRPFMADP Command parameters                          *CMD
----------------------------

   FILE          The qualified  file name.  The  library value defaults
                 to *LIBL.  *CURLIB may also be specified.

   MBR           The  member to  be  cleared.   The default  is *FIRST.
                 The special value *LAST may also be used.

RMVMADP Command parameters                            *CMD
--------------------------

   FILE          The qualified file name.   The library value  defaults
                 to *LIBL.  *CURLIB may also be specified.

   MBR           The  member to  be removed.    A generic  name or  the
                 special value *ALL may also be entered.

Restrictions
------------

The CONARR tool allows up to 45 files to be described.

Prerequisites
-------------

The following TAA Tools must be on your system:

     CONARR       Constant array

Implementation
--------------

The  tool is  ready to use,  but the  Security Officer must  first make
entries into  the ADPMBR  data  area in  TAASECURE using  EDTCONARR  to
define the valid files (see previous discussion).

Objects used by the tool
------------------------

   Object        Type    Attribute      Src member    Src file
   ------        ----    ---------      ----------    ----------

   ADDPFMADP     *CMD                   TAAMBRJ       QATTCMD
   CLRPFMADP     *CMD                   TAAMBRJ2      QATTCMD
   RMVMADP       *CMD                   TAAMBRJ3      QATTCMD
   TAAMBRJC      *PGM       CLP         TAAMBRJC      QATTCL
   TAAMBRJC2     *PGM       CLP         TAAMBRJC2     QATTCL
   TAAMBRJC3     *PGM       CLP         TAAMBRJC3     QATTCL

Structure
---------

ADDPFMADP   Cmd
   TAAMBRJC   CL pgm

CLRPFMADP   Cmd
   TAAMBRJC2  CL pgm

RMVMADP     Cmd
   TAAMBRJC3  CL pgm
					

Added to TAA Productivity tools May 1, 1996


Home Page Up to Top