The Check TAA Authorities command checks the current authorities for
TAA objects and compares them to the shipped version of the product.
TAA objects in QSYS, such as Authorization Lists, may also be
included in the check. This allows a simple determination of what
authority changes have been made on your system. This helps ensure
that the TAA Tools cannot be used without proper authority.
You must have *ALLOBJ authority to use CHKTAAAUT.
When *ALL or *CMD is specified for the type of authorities, TAA
commands outside of library TAATOOL are also considered. This
includes TAA commands if a TAA Command library exists, but excludes
commands in QSYS, QSYS38, or QSYSVxxx (prior release commands).
When *ALL is specified for the type of authorities, TAA objects
outside of TAATOOL and TAASECURE are flagged.
A typical use would be to submit the command to batch, as it is a
long-running function if *ALL types of objects are requested.

   SBMJOB JOB(CHKTAAAUT) CMD(CHKTAAAUT TYPE(*ALL))

A listing would be output. The listing may have:
** Exceptions where you have made a change such as adding a user
   to an authorization list or changing the shipped authorization
   for the *PUBLIC user.
** Warnings such as a different owner of the SNDTIMMSG data queue
   (this could occur if you delete and re-create the data queue).
CHKTAAAUT internals
-------------------
Most TAA objects are shipped as *PUBLIC(*USE) and owned by QSECOFR.
Several exceptions exist such as Authorization Lists which are
shipped *PUBLIC(*EXCLUDE), objects where the *PUBLIC is specified as
*AUTL, and the TAAJOBCTL user profile.
As part of the TAA Productivity Tools product, file TAATOMMP is
shipped with some specific exceptions. The file contains one record
for each object that has an exception in authority or authorization
list such as if the *PUBLIC user is not *USE.
When CHKTAAAUT begins, a file is created listing every object specified on
the CHKTAAAUT command. The file is then read and DSPOBJAUT is used
for each object to create an outfile of authorizations. The TAATOMMP
file is read and is used to build an array in the program.
The DSPOBJAUT outfile is then read. General exceptions such as
Authorization List objects and the TAAJOBCTL user profile are handled
with unique code. The majority of objects are checked against the
array of exceptions and any differences are noted.
Both exceptions and warnings may appear in the listing. Exceptions
are considered to be significant changes such as where the authority
to an object has been changed, a user has been added, or an
Authorization List is not *PUBLIC *EXCLUDE.
Warnings may be issued for situations such as where the TAAJOBCTL
user profile or the SNDTIMMSG *DTAQ are not owned by QSECOFR.
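
The comparison described in this section can be modeled as follows.
This is an added example, not the TAA source: the row layout, the
sample object names (DEMOCMD, DEMOPGM, DEMOAUTL, DEMODTAQ) and the
rule that any owner other than QSECOFR produces a warning are
assumptions made for illustration.

```python
from collections import defaultdict

SHIPPED_OWNER = "QSECOFR"   # shipped owner, per the text above

def check_authorities(rows, shipped_exceptions):
    """rows: (obj, type, owner, user, authority), one per user per object,
    a hypothetical stand-in for the DSPOBJAUT outfile records.
    shipped_exceptions: {(obj, type): {user: authority}}, modeled on the
    role the text gives file TAATOMMP."""
    by_obj = defaultdict(list)
    for obj, typ, owner, user, aut in rows:
        by_obj[(obj, typ)].append((owner, user, aut))
    findings = []
    for (obj, typ), recs in sorted(by_obj.items()):
        owner = recs[0][0]
        # Shipped default: *PUBLIC(*USE), except *AUTL which is *EXCLUDE.
        expected = {"*PUBLIC": "*EXCLUDE" if typ == "*AUTL" else "*USE"}
        expected.update(shipped_exceptions.get((obj, typ), {}))
        if owner != SHIPPED_OWNER:
            # Assumption: every owner difference is reported as a warning.
            findings.append(("WARNING", obj, typ, f"owner is {owner}"))
        for _, user, aut in recs:
            if user == owner:
                continue  # the owner's own authority is not compared here
            if user not in expected:
                findings.append(("EXCEPTION", obj, typ,
                                 f"user {user} added with {aut}"))
            elif aut != expected[user]:
                findings.append(("EXCEPTION", obj, typ,
                                 f"{user} is {aut}, shipped {expected[user]}"))
    return findings

# Constructed sample data, not real system output.
SAMPLE_EXCEPTIONS = {("DEMOPGM", "*PGM"): {"*PUBLIC": "*EXCLUDE"}}
SAMPLE_ROWS = [
    ("DEMOCMD", "*CMD", "QSECOFR", "QSECOFR", "*ALL"),
    ("DEMOCMD", "*CMD", "QSECOFR", "*PUBLIC", "*USE"),      # as shipped
    ("DEMOPGM", "*PGM", "QSECOFR", "QSECOFR", "*ALL"),
    ("DEMOPGM", "*PGM", "QSECOFR", "*PUBLIC", "*USE"),      # loosened
    ("DEMOAUTL", "*AUTL", "QSECOFR", "QSECOFR", "*ALL"),
    ("DEMOAUTL", "*AUTL", "QSECOFR", "*PUBLIC", "*EXCLUDE"),
    ("DEMOAUTL", "*AUTL", "QSECOFR", "OPER1", "*USE"),      # user added
    ("DEMODTAQ", "*DTAQ", "APPOWNER", "APPOWNER", "*ALL"),  # re-created
    ("DEMODTAQ", "*DTAQ", "APPOWNER", "*PUBLIC", "*USE"),
]

if __name__ == "__main__":
    for finding in check_authorities(SAMPLE_ROWS, SAMPLE_EXCEPTIONS):
        print(*finding)
```
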
CHKTAAAUT escape messages you can monitor for
---------------------------------------------
None. Escape messages from based-on functions will be re-sent.
CHKTAAAUT Command parameters *CMD
----------------------------
   TYPE          The type of objects to be checked.

                 *ALL is the default, which checks the authorizations
                 to all objects in TAATOOL, all TAA* Authorization
                 Lists, the library objects TAATOOL and TAASECURE,
                 and the TAAJOBCTL user profile. TAA commands
                 outside of TAATOOL are also considered. TAA object
                 names that exist outside of the TAATOOL and
                 TAASECURE libraries are flagged.

                 You may request up to 20 individual object types
                 such as *AUTL and/or the object types within TAATOOL
                 such as *CMD, *PGM, etc. For the complete list, use
                 the command prompter.

   OUTPUT        How to output the results. * is the default to
                 display the spooled file if the command is entered
                 interactively. The spooled file is deleted after it
                 is displayed.

                 If the command is entered in batch or *PRINT is
                 specified, the spooled file is output and retained.

Restrictions
------------
You must have *ALLOBJ special authority to use CHKTAAAUT.
Prerequisites
-------------
The following TAA Tools must be on your system:
   CHKALLOBJ     Check *ALLOBJ special authority
   CVTLIBOBJD    Convert library object descriptions
   CVTPGMA       Convert program attributes
   EDTVAR        Edit variable
   EXTLST        Extract list
   RTVOBJD2      Retrieve object description 2
   RTVSYSVAL3    Retrieve system value 3
   RTVTAALIC     Retrieve TAA license
   SNDCOMPMSG    Send completion message
   SNDESCINF     Send escape information
   SNDJLGMSG     Send job log message
   SNDSTSMSG     Send status message
Implementation
--------------
None, the tool is ready to use.
Objects used by the tool
------------------------
   Object        Type    Attribute    Src member    Src file
   ------        ----    ---------    ----------    ----------
   CHKTAAAUT     *CMD                 TAATOMM       QATTCMD
   TAATOMMC      *PGM    CLP          TAATOMMC      QATTCL
   TAATOMMC2     *PGM    CLP          TAATOMMC2     QATTCL
   TAATOMMC3     *PGM    CLP          TAATOMMC3     QATTCL
   TAATOMMC4     *PGM    CLP          TAATOMMC4     QATTCL
   TAATOMMR      *PGM    RPG          TAATOMMR      QATTRPG
   TAATOMMR3     *PGM    RPG          TAATOMMR3     QATTRPG
   TAATOMMR4     *PGM    RPG          TAATOMMR4     QATTRPG
   TAATOMMP      *FILE   PF           TAATOMMP      QATTDDS
Structure
---------
   CHKTAAAUT     Cmd
   TAATOMMC      CL Pgm    - Gets outfile of *AUTLs
                           - Gets TAAJOBCTL user profile
                           - Gets objects in TAATOOL and TAASECURE
                           - Gets program objects for adoption
   TAATOMMC3     CL Pgm    - Gets command objects outside of TAATOOL
   TAATOMMR3     RPG Pgm   - Checks for TAA commands in list
   TAATOMMC4     CL Pgm    - Gets TAA objects outside TAATOOL/TAASECUR
   TAATOMMC2     CL Pgm    - Gets object authorities
   TAATOMMR      RPG Pgm   - Print program