CHGAUT2 -- Change Authorization 2 - No Low Level Messages

CHGAUT2 CHANGE AUTHORIZATION 2 TAASEIP
The Change Authority 2 command is a simple front end to the system CHGAUT command that operates only on objects in a library. Multiple users may be specified, but not all CHGAUT functions are supported. Unlike GRT/RVKOBJAUT, there are no low level messages that clutter the job log and cannot be removed. You must have OBJMGT authority to the object being changed. A typical command to provide USE authority for user JONES to the program object PGMA would be: CHGAUT2 OBJ(PGMA) OBJTYPE(PGM) USER(JONES) AUT(USE) CHGAUT2 always removes any existing authorities first. More complex authorization can be specified such as: CHGAUT2 OBJ(PGMA) OBJTYPE(PGM) USER(JONES) AUT(OBJMGT OBJALTER READ EXECUTE) Because the CHGAUT command (executed internally) uses only the AUT special values RWX, W, RX etc), any use of the 'W' function causes all the object security functions of ADD, UPD, and DLT. Differences with CHGAUT ----------------------- * CHGAUT provides the normal IFS OBJ parameter interface. CHGAUT2 provides the normal obj/lib interface. CHGAUT provides for both data authorities and object authorities. CHGAUT2 provides a single AUT parameter which provides a similar function to GRT/RVKOBJAUT. CHGAUT provides for changes to the Authorization List (AUTL) of the object. CHGAUT2 does not (see the CHGOBJAUTL command for this function). CHGAUT can change multiple objects within a directory. CHGAUT2 does not have a similar function. CHGAUT2 provides better feedback on some errors and for a normal completion. Processing of AUT options ------------------------- CHGAUT2 always removes any existing authorities for the named user(s). No error occurs if the user has no authority. This avoids some unique problems where CHGAUT only adds the requested authority. CHGAUT2 does not provide for the OBJOPR AUT value. The value is implicitly applied by the system for such functions as CHANGE, USE, or READ. The single AUT values such as CHANGE or ALL provide the same function as the same value on GRTOBJAUT. The object authorities such as OBJMGT and OBJREF provide the same function as the same value on GRTOBJAUT. Since CHGAUT allows only the data authorities of RWX, W, RX etc, these must be mapped to the obj/lib values of READ, UPD, etc. * The 'R' and 'X' values are straightforward in that they are mapped to the READ and EXECUTE values. ** The 'W' function is specified as ADD, UPD, DLT. There is no method using CHGAUT2 to specify just one of the ADD, UPD, DLT values. As with GRTOBJAUT, specifying READ and EXECUTE is the same as specifying USE and the value USE will appear on EDT/DSPOBJAUT. Similarly, specifying READ, ADD, UPD, DLT, and EXECUTE is the same as specifying CHANGE and the value CHANGE will appear on EDT/DSPOBJAUT. CHGAUT2 escape messages you can monitor for ------------------------------------------- None. Escape messages from based on functions will be re-sent. CHGAUT2 Command parameters CMD -------------------------- OBJ The qualified name of the object to change authority for. The library value defaults to LIBL. A specific library or CURLIB may also be used. OBJTYPE The object type to be changed. Use the prompter to see the supported values. USER The user profile to change the authority for. Up to 50 names may be specified. AUT The authority to be changed to. Any existing authority is first removed for the named user(s) and the new authority is then specified. For any value entered (such as CHANGE), it is the equivalent of using GRTOBJAUT AUT(xxx) where xxx is the specified value. See the previous discussion 'Processing of AUT options'. One of the following single values may be specified: REMOVE - If the user does not have any existing authority, the command completes normally. CHANGE ALL USE EXCLUDE The following may be specified in a list of up to 10 values. OBJALTER OBJEXIST OBJMGT OBJOPR OBJREF READ ADD - See the previous discussion DLT - See the previous discussion UPD - See the previous discussion EXECUTE Restrictions ------------ You must have OBJMGT authority to the object. Prerequisites ------------- The following TAA Tools must be on your system: CHKOBJ3 Check object 3 EXTLST Extract list EXTLST2 Extract list 2 RSNLSTMSG Resend last message SCNVAR Scan variable SNDESCINF Send escape information SNDESCMSG Send escape message Implementation -------------- None, the tool is ready to use. Objects used by the tool ------------------------ Object Type Attribute Src member Src file ------ ---- --------- ---------- ---------- CHGAUT2 CMD TAASEIP QATTCMD TAASEIPC *PGM CLP TAASEIPC QATTCL

CHGAUT2         CHANGE AUTHORIZATION 2                 TAASEIP


The Change  Authority 2  command is a  simple front  end to  the system
CHGAUT command  that operates only  on objects in a  library.  Multiple
users  may be  specified, but not  all CHGAUT  functions are supported.
Unlike GRT/RVKOBJAUT,  there are  no  low level  messages that  clutter
the job log and cannot be removed.

You must have *OBJMGT authority to the object being changed.

A  typical command  to provide  *USE authority  for user  JONES  to the
program object PGMA would be:

              CHGAUT2  OBJ(PGMA) OBJTYPE(*PGM)
                         USER(JONES) AUT(*USE)

CHGAUT2 always removes any existing authorities first.

More complex authorization can be specified such as:

              CHGAUT2  OBJ(PGMA) OBJTYPE(*PGM)
                         USER(JONES) AUT(*OBJMGT *OBJALTER
                         *READ *EXECUTE)

Because  the CHGAUT  command  (executed internally)  uses only  the AUT
special values *RWX, *W, *RX etc),  any use of the 'W' function  causes
all the object security functions of *ADD, *UPD, and *DLT.

Differences with CHGAUT
-----------------------

  **   CHGAUT  provides   the  normal  IFS  OBJ   parameter  interface.
       CHGAUT2 provides the normal obj/lib interface.

  **   CHGAUT   provides   for  both   data   authorities   and  object
       authorities.   CHGAUT2 provides  a  single AUT  parameter  which
       provides a similar function to GRT/RVKOBJAUT.

  **   CHGAUT provides  for changes  to the  Authorization List  (AUTL)
       of  the object.   CHGAUT2 does  not (see the  CHGOBJAUTL command
       for this function).

  **   CHGAUT   can  change   multiple  objects   within  a  directory.
       CHGAUT2 does not have a similar function.

  **   CHGAUT2  provides better  feedback  on  some errors  and  for  a
       normal completion.

Processing of AUT options
-------------------------

CHGAUT2  always   removes  any  existing  authorities   for  the  named
user(s).   No error occurs if  the user has no  authority.  This avoids
some unique problems  where CHGAUT only  adds the requested  authority.

CHGAUT2 does  not provide  for the  *OBJOPR AUT  value.   The value  is
implicitly applied  by the system for such  functions as *CHANGE, *USE,
or *READ.

The single  AUT  values  such  as *CHANGE  or  *ALL  provide  the  same
function as the same value on GRTOBJAUT.

The object  authorities such as  *OBJMGT and  *OBJREF provide the  same
function as the same value on GRTOBJAUT.

Since  CHGAUT allows only  the data authorities  of *RWX, *W,  *RX etc,
these must be mapped to the obj/lib values of *READ, *UPD, etc.

  **   The  'R' and  'X' values  are straightforward  in that  they are
       mapped to the *READ and *EXECUTE values.

  **   The 'W' function  is specified  as *ADD, *UPD,  *DLT.  There  is
       no method using  CHGAUT2 to specify just one  of the *ADD, *UPD,
       *DLT values.

As  with  GRTOBJAUT,  specifying  *READ and  *EXECUTE  is  the  same as
specifying *USE and the value *USE will appear on EDT/DSPOBJAUT.

Similarly, specifying  *READ, *ADD,  *UPD, *DLT,  and  *EXECUTE is  the
same  as  specifying *CHANGE  and  the  value  *CHANGE will  appear  on
EDT/DSPOBJAUT.

CHGAUT2 escape messages you can monitor for
-------------------------------------------

None.  Escape messages from based on functions will be re-sent.

CHGAUT2 Command parameters                            *CMD
--------------------------

   OBJ           The  qualified name of the  object to change authority
                 for.    The  library  value  defaults  to  *LIBL.    A
                 specific library or *CURLIB may also be used.

   OBJTYPE       The object type  to be changed.   Use the  prompter to
                 see the supported values.

   USER          The user  profile to change the authority  for.  Up to
                 50 names may be specified.

   AUT           The   authority  to  be  changed  to.    Any  existing
                 authority is first  removed for the named  user(s) and
                 the new authority is then specified.

                 For  any value entered  (such as  *CHANGE), it  is the
                 equivalent  of using  GRTOBJAUT AUT(xxx) where  xxx is
                 the specified  value.   See  the  previous  discussion
                 'Processing of AUT options'.

                 One of the following single values may be specified:

                    *REMOVE - If the user does not have
                              any existing authority, the
                              command completes normally.
                    *CHANGE
                    *ALL
                    *USE
                    *EXCLUDE

                 The following may  be specified in a list of  up to 10
                 values.

                   *OBJALTER
                   *OBJEXIST
                   *OBJMGT
                   *OBJOPR
                   *OBJREF
                   *READ
                   *ADD       - See the previous discussion
                   *DLT       - See the previous discussion
                   *UPD       - See the previous discussion
                   *EXECUTE


Restrictions
------------

You must have *OBJMGT authority to the object.

Prerequisites
-------------

The following TAA Tools must be on your system:

     CHKOBJ3         Check object 3
     EXTLST          Extract list
     EXTLST2         Extract list 2
     RSNLSTMSG       Resend last message
     SCNVAR          Scan variable
     SNDESCINF       Send escape information
     SNDESCMSG       Send escape message

Implementation
--------------

None, the tool is ready to use.

Objects used by the tool
------------------------

   Object        Type    Attribute      Src member    Src file
   ------        ----    ---------      ----------    ----------

   CHGAUT2       *CMD                   TAASEIP       QATTCMD
   TAASEIPC      *PGM       CLP         TAASEIPC      QATTCL

Added to TAA Productivity tools January 15, 2011

Home Page

Up to Top