CHKSPCAUT -- Check Special Authorities

CHKSPCAUT CHECK SPECIAL AUTHORITIES TAASEFE
The Check Special Authorities command allows a check of a specific user's special authorities or the current user. If the current user is requested 1) the check includes both program adopt and group adopt and 2) the check occurs at the previous call level so that any current program adopt status is not included. A typical command would be: CHKSPCAUT ALLOBJ(YES) SECADM(YES) The current user is checked for ALLOBJ and SECADM. If the user profile (including program adopt and group adopt) does not have both special authorities, TAA9891 is sent as an escape message. The check is made beginning at the program prior to the program that ran CHKSPCAUT in the program stack. This allows the program that uses CHKSPCAUT to adopt and still determine if the user has the specified special authorities. If a specific user profile name is entered, the current user must be authorized to that profile. There is an optional parameter ERRTXT that allows you to supply the message text sent for the CPF9898 message. This is intended for situations where you are using a Standard Error handling routine and just want to bubble the message back. For example, assume PGMA calls PGMB and PGMB contains CHKJOBCTL. If PGMB contains a standard error handling routine, the error text would be sent to PGMA. CHKSPCAUT JOBCTL(YES) ERRTXT('You must have + JOBCTL special authority to use the + xxxx function') The QSYCUSRS API is used. CHKSPCAUT escape messages you can monitor for --------------------------------------------- TAA9891 User does not have the specified special authorities TAA9892 No special authorities were requested CPF9802 Not authorized to the user profile named Escape messages from based on functions will be re-sent. Command parameters CMD ------------------ USRPRF The user profile to check special authorities for. The default is CURRENT meaning the current user. When CURRENT is specified, the check includes both program adopt and group adopt. A specific user profile may be entered. If entered, the check is only to the existing user profile. The current user must be authorized to the specified user profile. ALLOBJ A YES/NO value for whether to check for ALLOBJ special authority. The default is 'NO' for no check. A 'YES' entry causes a check for the special authority. AUDIT A YES/NO value for whether to check for AUDIT special authority. The default is 'NO' for no check. A 'YES' entry causes a check for the special authority. IOSYSCFG A YES/NO value for whether to check for IOSYSCFG special authority. The default is 'NO' for no check. A 'YES' entry causes a check for the special authority. JOBCTL A YES/NO value for whether to check for JOBCTL special authority. The default is 'NO' for no check. A 'YES' entry causes a check for the special authority. SAVSYS A YES/NO value for whether to check for SAVSYS special authority. The default is 'NO' for no check. A 'YES' entry causes a check for the special authority. SECADM A YES/NO value for whether to check for SECADM special authority. The default is 'NO' for no check. A 'YES' entry causes a check for the special authority. SERVICE A YES/NO value for whether to check for SERVICE special authority. The default is 'NO' for no check. A 'YES' entry causes a check for the special authority. SPLCTL A YES/NO value for whether to check for SPLCTL special authority. The default is 'NO' for no check. A 'YES' entry causes a check for the special authority. ERRTXT The error text to be used if an error occurs. The default is STD which produces standard error text. The intent of allowing you to enter the text is if you are using the CHKSPCAUT command in a program that uses a standard error handling routine to bubble up the message text to the caller. You can supply some specific text relative to the function of your program. Restrictions ------------ If a specific user profile is named, the current user must be authorized to that profile. Prerequisites ------------- The following TAA Tools must be on your system: SNDESCMSG Send escape message Implementation -------------- None, the tool is ready to use. Objects used by the tool ------------------------ Object Type Attribute Src member Src file ------ ---- --------- ---------- ---------- CHKSPCAUT CMD TAASEFE QATTCMD TAASEFEC PGM CLP TAASEFEC QATTCL

CHKSPCAUT       CHECK SPECIAL AUTHORITIES              TAASEFE


The Check  Special Authorities  command allows  a check  of a  specific
user's special  authorities or the  current user.  If  the current user
is  requested 1) the check includes  both program adopt and group adopt
and 2)  the  check  occurs at  the  previous  call level  so  that  any
current program adopt status is not included.

A typical command would be:

             CHKSPCAUT      ALLOBJ(*YES) SECADM(*YES)

The  current user  is checked  for *ALLOBJ  and *SECADM.   If  the user
profile  (including program adopt  and group adopt) does  not have both
special authorities, TAA9891 is sent as an escape message.

The check is made  beginning at the program  prior to the program  that
ran  CHKSPCAUT in  the program  stack.   This allows  the program  that
uses  CHKSPCAUT  to adopt  and  still  determine if  the  user  has the
specified special authorities.

If a specific user  profile name is entered,  the current user must  be
authorized to that profile.

There is  an optional parameter  ERRTXT that allows  you to supply  the
message  text sent  for  the CPF9898  message.   This  is  intended for
situations  where you are  using a Standard  Error handling routine and
just want to bubble the message back.

For example, assume  PGMA calls PGMB and  PGMB contains CHKJOBCTL.   If
PGMB contains a  standard error handling routine, the  error text would
be sent to PGMA.

          CHKSPCAUT      JOBCTL(*YES) ERRTXT('You must have +
                          *JOBCTL special authority to use the +
                          xxxx function')

The QSYCUSRS API is used.

CHKSPCAUT escape messages you can monitor for
---------------------------------------------

      TAA9891    User does not have the specified special authorities
      TAA9892    No special authorities were requested
      CPF9802    Not authorized to the user profile named

Escape messages from based on functions will be re-sent.

Command parameters                                    *CMD
------------------

   USRPRF        The  user profile  to  check special  authorities for.
                 The default  is  *CURRENT meaning  the  current  user.
                 When *CURRENT  is specified,  the check  includes both
                 program adopt and group adopt.

                 A specific  user profile may be  entered.  If entered,
                 the check is only to  the existing user profile.   The
                 current  user  must be  authorized  to  the  specified
                 user profile.

   ALLOBJ        A  *YES/*NO value  for  whether to  check  for *ALLOBJ
                 special  authority.    The  default  is  '*NO'  for no
                 check.    A  '*YES'  entry  causes  a  check  for  the
                 special authority.

   AUDIT         A  *YES/*NO  value for  whether  to  check for  *AUDIT
                 special  authority.    The  default  is  '*NO'  for no
                 check.    A  '*YES'  entry  causes  a  check  for  the
                 special authority.

   IOSYSCFG      A *YES/*NO  value for  whether to check  for *IOSYSCFG
                 special  authority.    The  default  is  '*NO' for  no
                 check.    A  '*YES'  entry  causes  a  check  for  the
                 special authority.

   JOBCTL        A  *YES/*NO value  for whether  to  check for  *JOBCTL
                 special  authority.    The  default  is '*NO'  for  no
                 check.    A  '*YES'  entry  causes  a  check  for  the
                 special authority.

   SAVSYS        A *YES/*NO  value  for whether  to  check for  *SAVSYS
                 special  authority.    The  default is  '*NO'  for  no
                 check.    A  '*YES'  entry  causes  a  check  for  the
                 special authority.

   SECADM        A *YES/*NO  value for  whether  to check  for  *SECADM
                 special  authority.    The default  is  '*NO'  for  no
                 check.    A  '*YES'  entry  causes  a  check  for  the
                 special authority.

   SERVICE       A *YES/*NO  value for  whether to  check for  *SERVICE
                 special  authority.    The default  is  '*NO'  for  no
                 check.    A  '*YES'  entry  causes  a  check  for  the
                 special authority.

   SPLCTL        A  *YES/*NO  value for  whether  to check  for *SPLCTL
                 special  authority.   The  default  is  '*NO'  for  no
                 check.    A  '*YES'  entry  causes  a  check  for  the
                 special authority.

   ERRTXT        The  error text to  be used  if an error  occurs.  The
                 default is *STD  which produces  standard error  text.

                 The intent  of allowing  you to enter  the text  is if
                 you  are  using  the CHKSPCAUT  command  in  a program
                 that  uses  a  standard  error  handling  routine   to
                 bubble up  the message text  to the  caller.  You  can
                 supply  some specific  text relative  to  the function
                 of your program.

Restrictions
------------

If  a  specific  user  profile  is  named,  the  current  user  must be
authorized to that profile.

Prerequisites
-------------

The following TAA Tools must be on your system:

     SNDESCMSG       Send escape message

Implementation
--------------

None, the tool is ready to use.

Objects used by the tool
------------------------

   Object        Type    Attribute      Src member    Src file
   ------        ----    ---------      ----------    ----------

   CHKSPCAUT     *CMD                   TAASEFE       QATTCMD
   TAASEFEC      *PGM       CLP         TAASEFEC      QATTCL

Added to TAA Productivity tools January 15, 2002

Home Page

Up to Top