DLTSECTOOL -- Delete Security Tools

DLTSECTOOL DELETE SECURITY TOOL TAASEFD
The Delete Security Tool command allows a deletion of the sensitive security TAA Tools (those that create or change user profiles such as INZPWD and CPYUSRPRF2). With proper security in place, these tools may safely exist and be used. However, some installations may prefer to delete these tools to avoid any possibility of their use. Deleting security sensitive tools does not absolve you from understanding your requirements to provide a secure environment for the TAA Productivity Tools. You must review and follow the guidelines described in the "TAA Tool Security" discussion of HELPTAA. DLTSECTOOL only deletes tools that create or change user profiles. There are many other tools such as JOBACG which adopt QSECOFR authority, but do not create or change user profiles. You must have both ALLOBJ and SECADM to use DLTSECTOOL. A typical command would be: DLTSECTOOL TOOL(INZPWD) or DLTSECTOOL TOOL(ALL) TOOL(ALL) deletes the following tools: CHGGRPPRF CHGOBJD4 CHGINLMNU CHGINLPGM CHGUSRAUD2 CHGUSRPRF2 CHGUSRPRF3 CHGUSRPWD CHG128PWD CHG128PWD2 CHKLMTCPB CPYUSRPRF CPYUSRPRF2 CPYUSRPRF3 DLTDSAPRF DLTOLDUSR DLTGENPRF DLTUSRPRF2 DLTUSRPRF3 DSAOLDPRF DSAUSRPRF DSPPWD DSPUSRPRF2 EDTUSRPRF ENAUSRPRF INZPWD RCLSYSPRF If one of these tools is deleted, a user with both ALLOBJ and SECADM is required to recreate the tool if it is needed (the rights cannot be adopted). Both the command and other objects that make up a tool are deleted. If a command library exists (such as TAACMD), the command is also deleted from the command library. DLTSECTOOL escape messages you can monitor for ---------------------------------------------- TAA9892 Either the specific tool or no security tools exist Escape messages from based on functions will be re-sent. Command parameters CMD ------------------ TOOL The tool name to be deleted or ALL for all security sensitive tools. Both the command and other objects that make up a tool are deleted. If a command library exists (such as TAACMD), the command is also deleted from the command library. If ALL is specified, the following tools are deleted: CHGGRPPRF CHGINLMNU CHGINLPGM CHGUSRAUD2 CHGUSRPRF2 CHGUSRPRF3 CHGUSRPWD CHKLMTCPB CPYUSRPRF CPYUSRPRF2 DLTGENPRF DLTOLDUSR DLTUSRPRF2 DLTUSRPRF3 DSAOLDPRF DSAUSRPRF DSPPWD DSPUSRPRF2 EDTUSRPRF ENAUSRPRF INZPWD A specific tool from this list may also be deleted. Restrictions ------------ You must have both ALLOBJ and SECADM to use DLTSECTOOL (the rights cannot be adopted). Prerequisites ------------- The following TAA Tools must be on your system: CHKOBJ2 Check object 2 DLTTAATOOL Delete TAA Tool EDTVAR Edit variable RTVSPCAUT Retrieve special authority RTVTAALIC Retrieve TAA license SNDCOMPMSG Send completion message SNDESCMSG Send escape message Implementation -------------- None, the tool is ready to use. Objects used by the tool ------------------------ Object Type Attribute Src member Src file ------ ---- --------- ---------- ---------- DLTSECTOOL CMD TAASEFD QATTCMD TAASEFDC *PGM CLP TAASEFDC QATTCL

DLTSECTOOL      DELETE SECURITY TOOL                   TAASEFD


The Delete  Security Tool command  allows a  deletion of the  sensitive
security TAA  Tools (those that create or change  user profiles such as
INZPWD  and CPYUSRPRF2).   With proper  security in  place, these tools
may safely exist and be  used.  However, some installations  may prefer
to delete these tools to avoid any possibility of their use.

Deleting   security  sensitive   tools  does   not  absolve   you  from
understanding  your requirements  to provide  a secure  environment for
the  TAA  Productivity  Tools.     You  must  review  and  follow   the
guidelines  described  in   the  "TAA  Tool  Security"   discussion  of
HELPTAA.

DLTSECTOOL  only deletes  tools that  create  or change  user profiles.
There  are  many  other  tools  such  as  JOBACG  which  adopt  QSECOFR
authority, but do not create or change user profiles.

You must have both *ALLOBJ and *SECADM to use DLTSECTOOL.

A typical command would be:

            DLTSECTOOL    TOOL(INZPWD)

               or

            DLTSECTOOL    TOOL(*ALL)

TOOL(*ALL) deletes the following tools:

            CHGGRPPRF
            CHGOBJD4
            CHGINLMNU
            CHGINLPGM
            CHGUSRAUD2
            CHGUSRPRF2
            CHGUSRPRF3
            CHGUSRPWD
            CHG128PWD
            CHG128PWD2
            CHKLMTCPB
            CPYUSRPRF
            CPYUSRPRF2
            CPYUSRPRF3
            DLTDSAPRF
            DLTOLDUSR
            DLTGENPRF
            DLTUSRPRF2
            DLTUSRPRF3
            DSAOLDPRF
            DSAUSRPRF
            DSPPWD
            DSPUSRPRF2
            EDTUSRPRF
            ENAUSRPRF
            INZPWD
            RCLSYSPRF

If  one of  these  tools  is deleted,  a  user  with both  *ALLOBJ  and
*SECADM is  required to recreate the  tool if it is  needed (the rights
cannot be adopted).

Both  the command and  other objects that  make up a  tool are deleted.
If a  command library  exists  (such as  TAACMD), the  command is  also
deleted from the command library.

 DLTSECTOOL escape messages you can monitor for
 ----------------------------------------------

       TAA9892    Either the specific tool or no security tools exist

Escape messages from based on functions will be re-sent.

 Command parameters                                    *CMD
 ------------------

   TOOL          The tool name  to be deleted or *ALL  for all security
                 sensitive  tools.  Both the  command and other objects
                 that make  up  a  tool  are deleted.    If  a  command
                 library exists (such  as TAACMD), the command  is also
                 deleted from the command library.

                 If   *ALL  is  specified,  the   following  tools  are
                 deleted:

                      CHGGRPPRF
                      CHGINLMNU
                      CHGINLPGM
                      CHGUSRAUD2
                      CHGUSRPRF2
                      CHGUSRPRF3
                      CHGUSRPWD
                      CHKLMTCPB
                      CPYUSRPRF
                      CPYUSRPRF2
                      DLTGENPRF
                      DLTOLDUSR
                      DLTUSRPRF2
                      DLTUSRPRF3
                      DSAOLDPRF
                      DSAUSRPRF
                      DSPPWD
                      DSPUSRPRF2
                      EDTUSRPRF
                      ENAUSRPRF
                      INZPWD

                 A specific tool  from this list  may also be  deleted.

 Restrictions
 ------------

You must have  both *ALLOBJ and  *SECADM to use DLTSECTOOL  (the rights
cannot be adopted).

 Prerequisites
 -------------

The following TAA Tools must be on your system:

      CHKOBJ2         Check object 2
      DLTTAATOOL      Delete TAA Tool
      EDTVAR          Edit variable
      RTVSPCAUT       Retrieve special authority
      RTVTAALIC       Retrieve TAA license
      SNDCOMPMSG      Send completion message
      SNDESCMSG       Send escape message

 Implementation
 --------------

None, the tool is ready to use.

 Objects used by the tool
 ------------------------

    Object        Type    Attribute      Src member    Src file
    ------        ----    ---------      ----------    ----------

    DLTSECTOOL    *CMD                   TAASEFD       QATTCMD
    TAASEFDC      *PGM       CLP         TAASEFDC      QATTCL

Added to TAA Productivity tools October 15, 2001

Home Page

Up to Top