CHKTAAAUTL -- Check TAA Authorization Lists

CHKTAAAUTL CHECK TAA AUTHORIZATION LISTS TAATOMF
The Check TAA Authorization Lists command checks to ensure that all TAA Authorization Lists are set to PUBLIC EXCLUDE. This is the recommended setting. Allowing PUBLIC access to many TAA functions such as CPYUSRPRF2 would be considered a security violation in most installations. An option exists to change to PUBLIC(EXCLUDE). The command would be entered by an ALLOBJ special authority user as: CHKTAAAUTL A listing is output with the results. If exceptions are reported, you can change the TAA Authorization Lists to PUBLIC(EXCLUDE) by specifying: CHKTAAAUTL OPTION(EXCLUDE) A successful completion will cause all TAA authorization lists that are not PUBLIC(EXCLUDE) to be set to EXCLUDE. An option exists to list the objects that are tied to the Authorization Lists and their last usage information. CHKTAAAUTL escape messages you can monitor for ---------------------------------------------- None. Escape messages from based on functions will be re-sent. CHKTAAAUTL Data Area -------------------- If any exceptions are found, the CHKTAAAUTL data area will exist in QTEMP. This allows a CL program to perform CHKTAAAUTL and check the results with CHKOBJ. Command parameters CMD ------------------ OPTION The option parameter defaults to CHECK to provide only a check of the existing TAA Authorization Lists. EXCLUDE may be specified to set all TAA Authorization Lists to PUBLIC(EXCLUDE). OBJUSE A YES/NO option for whether to list the objects that are tied to the Authorization Lists. NO is the default to not list the objects. YES may be specified if OPTION(CHECK) is used. One line for each object that is authorized to an Authorization List is printed with the last usage information. Restrictions ------------ None. Prerequisites ------------- The following TAA Tools must be on your system: CHKALLOBJ Check ALLOBJ special authority CVTDAT Convert date RTVOBJD2 Retrieve object description 2 RTVSYSVAL3 Retrieve system value 3 SNDCOMPMSG Send completion message SNDSTSMSG Send status message Implementation -------------- None, the tool is ready to use. Objects used by the tool ------------------------ Object Type Attribute Src member Src file ------ ---- --------- ---------- ---------- CHKTAAAUTL CMD TAATOMF QATTCMD TAATOMFC PGM CLP TAATOMFC QATTCL TAATOMFC2 PGM CLP TAATOMFC2 QATTCL TAATOMFC3 PGM CLP TAATOMFC3 QATTCL TAATOMFR PGM RPG TAATOMFR QATTRPG TAATOMFR2 PGM RPG TAATOMFR2 QATTRPG If OBJUSE(*YES) is specified the TAATOMFR2 program is used with the sub program TAATOMFC3.

CHKTAAAUTL      CHECK TAA AUTHORIZATION LISTS          TAATOMF


The Check  TAA Authorization Lists  command checks  to ensure that  all
TAA  Authorization Lists  are set  to *PUBLIC  *EXCLUDE.   This  is the
recommended  setting.   Allowing *PUBLIC  access to  many TAA functions
such as  CPYUSRPRF2 would be  considered a  security violation in  most
installations.  An option exists to change to *PUBLIC(*EXCLUDE).

The command would be entered by an *ALLOBJ special authority user as:

             CHKTAAAUTL

A listing is output with the results.

If  exceptions  are reported,  you  can  change  the TAA  Authorization
Lists to PUBLIC(*EXCLUDE) by specifying:

             CHKTAAAUTL    OPTION(*EXCLUDE)

A  successful completion  will cause  all TAA authorization  lists that
are not PUBLIC(*EXCLUDE) to be set to *EXCLUDE.

An  option  exists  to   list  the  objects   that  are  tied  to   the
Authorization Lists and their last usage information.

CHKTAAAUTL escape messages you can monitor for
----------------------------------------------

None.  Escape messages from based on functions will be re-sent.

CHKTAAAUTL Data Area
--------------------

If any  exceptions are found,  the CHKTAAAUTL  data area will  exist in
QTEMP.   This allows a  CL program to perform  CHKTAAAUTL and check the
results with CHKOBJ.

Command parameters                                    *CMD
------------------

   OPTION        The option  parameter defaults  to *CHECK  to  provide
                 only  a  check  of  the   existing  TAA  Authorization
                 Lists.

                 *EXCLUDE   may   be   specified   to   set   all   TAA
                 Authorization Lists to PUBLIC(*EXCLUDE).

   OBJUSE        A  *YES/*NO  option for  whether  to list  the objects
                 that are  tied to  the  Authorization Lists.   *NO  is
                 the default to not list the objects.

                 *YES  may  be  specified  if OPTION(*CHECK)  is  used.
                 One  line for  each  object that  is authorized  to an
                 Authorization List  is  printed with  the  last  usage
                 information.

Restrictions
------------

None.

Prerequisites
-------------

The following TAA Tools must be on your system:

     CHKALLOBJ       Check *ALLOBJ special authority
     CVTDAT          Convert date
     RTVOBJD2        Retrieve object description 2
     RTVSYSVAL3      Retrieve system value 3
     SNDCOMPMSG      Send completion message
     SNDSTSMSG       Send status message

Implementation
--------------

None, the tool is ready to use.

Objects used by the tool
------------------------

   Object        Type    Attribute      Src member    Src file
   ------        ----    ---------      ----------    ----------

   CHKTAAAUTL    *CMD                   TAATOMF       QATTCMD
   TAATOMFC      *PGM       CLP         TAATOMFC      QATTCL
   TAATOMFC2     *PGM       CLP         TAATOMFC2     QATTCL
   TAATOMFC3     *PGM       CLP         TAATOMFC3     QATTCL
   TAATOMFR      *PGM       RPG         TAATOMFR      QATTRPG
   TAATOMFR2     *PGM       RPG         TAATOMFR2     QATTRPG

If OBJUSE(*YES)  is specified  the TAATOMFR2 program  is used  with the
sub program TAATOMFC3.

Added to TAA Productivity tools August 15, 2001

Home Page

Up to Top