CMPOBJSEC -- Compare Object Security

CMPOBJSEC COMPARE OBJECT SECURITY TAASEHA
The Compare Object Security command compares security from one object to another. Individual authorities, ownership, and authorization lists are compared. If both objects are PGM types, the USRPRF attribute and the USEADPAUT attribute (set by CHGPGM) are also compared. See the CMPOBJSEC2 command for comparing security from one to many objects. If a user is authorized to one of the objects but not the other, the condition is flagged. If a user is authorized to both objects but the authorities differ, the condition is flagged. The user must have OBJMGT rights to both objects. This allows a complete check of all authorities. A typical command would be: CMPOBJSEC FROMOBJ(xxx) FROMTYPE(PGM) TOOBJ(yyy) By default, the object type and library of the FROMOBJ are used to describe the To object. The object type and library may differ. By default, a spooled file is displayed with the results. In addition to individual flag conditions, a summary description describes each type. CMPOBJSEC escape messages you can monitor for --------------------------------------------- TAA9892 If differences exist and ESCAPE(YES) specified Escape messages from based on functions will be re-sent. Command parameters CMD ------------------ FROMOBJ The qualified name of the object to compare from. The library value defaults to LIBL. A specific library or CURLIB may also be used. FROMTYPE The object type of the From object. Use the command prompter for the list of supported values. TOOBJ The qualified name of the object to compare to. The library value defaults to FROMOBJ meaning the library where the From object exists. A specific library, LIBL, or CURLIB may also be used. TOTYPE The object type of the TOOBJ. The default is FROMTYP meaning the same object type as the From object type. Use the command prompter for the list of supported values. ESCAPE A YES/NO parameter that determines if an escape message is sent if differences exist. NO is the default meaning that a completion message will describe that differences exist if the output is not displayed. YES may be specified to cause the TAA9892 escape message to be sent if differences exist. OUTPUT How to output the results. is the default to display the spooled file if the command is entered interactively. The spooled file is deleted after it is displayed. If the command is entered in batch or PRINT is specified, the spooled file is output and retained. Restrictions ------------ The user must have OBJMGT rights to both objects. Prerequisites ------------- The following TAA Tools must be on your system: CHKOBJ3 Check object 3 RSNLSTMSG Resend last message RTVOBJAUT Retrieve object authority RTVPGMA Retrieve program attributes RTVSYSVAL3 Retrieve system value 3 SNDCOMPMSG Send completion message SNDESCINF Send escape information SNDESCMSG Send escape message Implementation -------------- None, the tool is ready to use. Objects used by the tool ------------------------ Object Type Attribute Src member Src file ------ ---- --------- ---------- ---------- CMPOBJSEC CMD TAASEHA QATTCMD TAASEHAC PGM CLP TAASEHAC QATTCL TAASEHAR *PGM RPG TAASEHAR QATTRPG

CMPOBJSEC       COMPARE OBJECT SECURITY                TAASEHA


The Compare Object  Security command compares security from  one object
to  another.    Individual  authorities, ownership,  and  authorization
lists  are  compared.   If  both  objects  are *PGM  types,  the USRPRF
attribute  and  the  USEADPAUT  attribute  (set  by  CHGPGM)  are  also
compared.

See  the CMPOBJSEC2  command for  comparing security  from one  to many
objects.

If  a user is authorized to  one of the objects but  not the other, the
condition is flagged.   If  a user  is authorized to  both objects  but
the authorities differ, the condition is flagged.

The user  must have  *OBJMGT rights  to both  objects.   This allows  a
complete check of all authorities.

A typical command would be:

             CMPOBJSEC     FROMOBJ(xxx) FROMTYPE(*PGM) TOOBJ(yyy)

By  default, the  object type and  library of  the FROMOBJ are  used to
describe the To object.  The object type and library may differ.

By default,  a  spooled  file  is  displayed  with  the  results.    In
addition  to   individual  flag   conditions,  a  summary   description
describes each type.

CMPOBJSEC escape messages you can monitor for
---------------------------------------------

      TAA9892    If differences exist and ESCAPE(*YES) specified

Escape messages from based on functions will be re-sent.

Command parameters                                    *CMD
------------------

   FROMOBJ       The  qualified name  of  the object  to  compare from.
                 The  library  value  defaults to  *LIBL.    A specific
                 library or *CURLIB may also be used.

   FROMTYPE      The object type of  the From object.  Use  the command
                 prompter for the list of supported values.

   TOOBJ         The qualified name  of the object to compare  to.  The
                 library   value  defaults  to   *FROMOBJ  meaning  the
                 library where  the From  object  exists.   A  specific
                 library, *LIBL, or *CURLIB may also be used.

   TOTYPE        The  object  type  of  the  TOOBJ.    The  default  is
                 *FROMTYP  meaning  the same  object type  as  the From
                 object type.   Use the command  prompter for the  list
                 of supported values.

   ESCAPE        A  *YES/*NO parameter  that  determines if  an  escape
                 message is sent if differences exist.

                 *NO is  the default meaning that  a completion message
                 will  describe  that differences  exist if  the output
                 is not displayed.

                 *YES may  be  specified to  cause the  TAA9892  escape
                 message to be sent if differences exist.

   OUTPUT        How  to output  the  results.   *  is  the default  to
                 display  the spooled  file if  the command  is entered
                 interactively.  The spooled  file is deleted after  it
                 is displayed.

                 If  the  command is  entered  in  batch or  *PRINT  is
                 specified,  the spooled  file is output  and retained.

Restrictions
------------

The user must have *OBJMGT rights to both objects.

Prerequisites
-------------

The following TAA Tools must be on your system:

     CHKOBJ3         Check object 3
     RSNLSTMSG       Resend last message
     RTVOBJAUT       Retrieve object authority
     RTVPGMA         Retrieve program attributes
     RTVSYSVAL3      Retrieve system value 3
     SNDCOMPMSG      Send completion message
     SNDESCINF       Send escape information
     SNDESCMSG       Send escape message

Implementation
--------------

None, the tool is ready to use.

Objects used by the tool
------------------------

   Object        Type    Attribute      Src member    Src file
   ------        ----    ---------      ----------    ----------

   CMPOBJSEC     *CMD                   TAASEHA       QATTCMD
   TAASEHAC      *PGM       CLP         TAASEHAC      QATTCL
   TAASEHAR      *PGM       RPG         TAASEHAR      QATTRPG

Added to TAA Productivity tools June 30, 2007

Home Page

Up to Top