The Check TAA Authorities command checks the current authorities for
TAA objects and compares them to the shipped version of the product.
TAA objects in QSYS may also be included in the check such as
Authorization Lists. This allows a simple determination of what
authority changes have been made on your system. This helps ensure
that the TAA Tools may not be used without proper authority.
You must have *ALLOBJ authority to use CHKTAAAUT.
When *ALL or *CMD is specified for the type of authorities, TAA
commands outside of library TAATOOL are also considered. This
includes TAA commands if a TAA Command library exists, but excludes
commands in QSYS, QSYS38, or QSYSVxxx (prior release commands).
When *ALL is specified for the type of authorities, TAA objects
outside of TAATOOL and TAASECURE are flagged.
A typical use would be to submit the command to batch as it is a long
running function if *ALL types of objects are requested.
SBMJOB JOB(CHKTAAAUT) CMD(CHKTAAAUT TYPE(*ALL))
A listing would be output. The listing may have:
** Exceptions where you have made a change such as adding a user
to an authorization list or changed the shipped authorization
for the *PUBLIC user.
** Warnings such as a different owner of the SNDTIMMSG data queue
(this could occur if you delete and re-create the data queue.
Most TAA objects are shipped as *PUBLIC(*USE) and owned by QSECOFR.
Several exceptions exist such as Authorization Lists which are
shipped *PUBLIC(*EXCLUDE), objects where the *PUBLIC is specified as
*AUTL, and the TAAJOBCTL user profile.
As part of the TAA Productivity Tools product, file TAATOMMP is
shipped with some specific exceptions. The file contains one record
for each object that has an exception in authority or authorization
list such as if the *PUBLIC user is not *USE.
When CHKTAAAUT begins, a file is created or every object specified on
the CHKTAAAUT command. The file is then read and DSPOBJAUT is used
for each object to create an outfile of authorizations. The TAATOMMP
file is read and is used to build an array in the program.
The DSPOBJAUT outfile is then read. General exceptions such as
Authorization List objects, the TAAJOBCTL user profile are handled
with unique code. The majority of objects are checked against the
array of exceptions and any differences are noted.
Both exceptions and warnings may appear in the listing. Exceptions
are considered to be significant changes such as where the authority
to an object has been changed, a user has been added, or an
Authorization List is not *PUBLIC *EXCLUDE.
Warnings may be issued for situations such as where the TAAJOBCTL
user profile or the SNDTIMMSG *DTAQ are not owned by QSECOFR.
CHKTAAAUT escape messages you can monitor for
None. Escape messages from based on functions will be re-sent.
CHKTAAAUT Command parameters *CMD
TYPE The type of objects to be checked.
*ALL is the default which checks the authorizations
to all objects in TAATOOL, all TAA* Authorization
Lists, the library objects TAATOOL and TAASECURE,
and the TAAJOBCTL user profile. TAA commands
outside of TAATOOL are also considered. TAA object
names that exist outside of the TAATOOL and
TAASECURE libraries are flagged.
You may request up to 20 individual object types
such as *AUTL and/or the object types within TAATOOL
such as *CMD, *PGM, etc. For the complete list, use
the command prompter.
OUTPUT How to output the results. * is the default to
display the spooled file if the command is entered
interactively. The spooled file is deleted after it
If the command is entered in batch or *PRINT is
specified, the spooled file is output and retained.
You must have *ALLOBJ special authority to use CHKTAAAUT.
The following TAA Tools must be on your system:
CHKALLOBJ Check *ALLOBJ special authority
CVTLIBOBJD Convert library object descriptions
CVTPGMA Convert program attributes
EDTVAR Edit variable
EXTLST Extract list
RTVOBJD2 Retrieve object description 2
RTVSYSVAL3 Retrieve system value 3
RTVTAALIC Retrieve TAA license
SNDCOMPMSG Send completion message
SNDESCINF Send escape information
SNDJLGMSG Send job log message
SNDSTSMSG Send status message
None, the tool is ready to use.
Objects used by the tool
Object Type Attribute Src member Src file
------ ---- --------- ---------- ----------
CHKTAAAUT *CMD TAATOMM QATTCMD
TAATOMMC *PGM CLP TAATOMMC QATTCL
TAATOMMC2 *PGM CLP TAATOMMC2 QATTCL
TAATOMMC3 *PGM CLP TAATOMMC3 QATTCL
TAATOMMC4 *PGM CLP TAATOMMC4 QATTCL
TAATOMMR *PGM RPG TAATOMMR QATTRPG
TAATOMMR3 *PGM RPG TAATOMMR3 QATTRPG
TAATOMMR4 *PGM RPG TAATOMMR4 QATTRPG
TAATOMMP *FILE PF TAATOMMP QATTDDS
TAATOMMC CL Pgm - Gets outfile of *AUTLs
- Gets TAAJOBCTL user profile
- Gets objects in TAATOOL and TAASECURE
- Gets program objects for adoption
TAATOMMC3 CL Pgm - Gets command objects outside of TAATOOL
TAATOMMR3 RPG Pgm - Checks for TAA commands in list
TAATOMMC4 CL Pgm - Gets TAA objects outside TAATOOL/TAASECUR
TAATOMMC2 CL Pgm - Gets object authorities
TAATOMMR RPG Pgm - Print program