The Display User Authority 2 command displays a user's authority to
objects within a library. Individual authority, group authority
(including supplemental groups), and authority controlled by
authorization lists are all described. An individual object, a generic
name, or all objects can be specified. A specific type or all
object types may be requested.
DSPUSRAUT2 provides a simple method of determining what a user can do
in a library.
Program adopt as specified by USRPRF(*OWNER) on create program
commands is not considered.
You must have *ALLOBJ authority to use DSPUSRAUT2.
A typical command would be:
    DSPUSRAUT2 LIB(xxx) USER(USER1)
If the command is entered interactively, the listing is displayed.
All objects in the named library to which USER1 has at least *USE
authority would be listed. The listing would describe where
the authority comes from, such as:
- A specific authority to an object
- An authority based on a group profile
- An authority based on an authorization list
- Access via the *PUBLIC user
If the user has no authority to the library, an escape message is
sent.
USER(*PUBLIC) may be specified to determine what the public user (one
that is not specifically authorized) may do.
If the user is other than *PUBLIC, an option exists (INCPUB) to
bypass the listing of '*PUBLIC to *OBJ'. This allows a review of the
specific authorizations for a given user.
How authority is determined
---------------------------
The QSYRUSRA API is used to check authority. This system function
checks in the same sequence that the system does. For example, if
the user is authorized to the object, the object is also controlled
by an authorization list, and the user has a different authority via
the authorization list, the individual authority takes precedence.
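
The precedence rule above, as an added Python illustration (not TAA Tools code, and it does not call QSYRUSRA): the first place an entry for the user is found decides the authority, and the AUT and INCPUB options then filter the listing. The object, list and profile names are constructed; the group and *PUBLIC steps beyond the page's example, and treating several groups as the highest level found, are assumptions of this simplified model, which leaves out ownership, *ALLOBJ and AUT(*EXCLUDE).

```python
# Simplified model of the lookup order; not TAA Tools code, no QSYRUSRA call.
RANK = {"*EXCLUDE": 0, "*USE": 1, "*CHANGE": 2, "*ALL": 3}

def resolve(user, groups, obj, autls):
    """Return (authority, source) from the first place an entry is found."""
    autl = autls.get(obj.get("autl"), {})
    # 1. The user's own entries: the object first, then its authorization list.
    if user in obj["private"]:
        return obj["private"][user], "USER"
    if user in autl:
        return autl[user], "USER via AUTL"
    # 2. Group profiles (supplemental groups included). Assumption of this
    #    model: several groups combine to the highest level found.
    found = []
    for g in groups:
        if g in obj["private"]:
            found.append((obj["private"][g], "GROUP " + g))
        elif g in autl:
            found.append((autl[g], "GROUP " + g + " via AUTL"))
    if found:
        return max(found, key=lambda f: RANK[f[0]])
    # 3. Nothing specific was found: fall back to *PUBLIC.
    return obj["public"], "*PUBLIC"

def listing(user, groups, objects, autls, aut="*USE", incpub=True):
    """Apply the AUT threshold (*USE, *CHANGE or *ALL) and the INCPUB filter."""
    rows = []
    for name, obj in sorted(objects.items()):
        level, source = resolve(user, groups, obj, autls)
        if RANK[level] < RANK[aut]:
            continue                  # below the requested AUT level
        if source == "*PUBLIC" and not incpub:
            continue                  # INCPUB(*NO) hides public-only access
        rows.append((name, level, source))
    return rows

# Constructed sample data (hypothetical object, list and profile names).
AUTLS = {"PAYAUTL": {"USER1": "*ALL", "GRPPAY": "*CHANGE"}}
OBJECTS = {
    "PAYMAST": {"private": {"USER1": "*USE"}, "autl": "PAYAUTL", "public": "*EXCLUDE"},
    "PAYHIST": {"private": {}, "autl": "PAYAUTL", "public": "*EXCLUDE"},
    "RATES": {"private": {"GRPPAY": "*CHANGE"}, "autl": None, "public": "*USE"},
    "NOTES": {"private": {}, "autl": None, "public": "*USE"},
    "SECRET": {"private": {"USER1": "*EXCLUDE", "GRPPAY": "*ALL"}, "autl": None, "public": "*USE"},
}

if __name__ == "__main__":
    for row in listing("USER1", ["GRPPAY"], OBJECTS, AUTLS):
        print(row)
```

In the sample data PAYMAST resolves to *USE even though the authorization list would grant *ALL, and SECRET is not listed because the user's own *EXCLUDE entry is found before the group's *ALL.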
DSPUSRAUT2 escape messages you can monitor for
----------------------------------------------
TAA9891 User is not authorized to the library.
Escape messages from the functions this tool is based on will be re-sent.
Command parameters *CMD
------------------
   LIB           The library to check authorizations for.

   USER          The user to print the authorities for. *PUBLIC may
                 be entered to determine what any non-authorized user
                 may do.

   AUT           The authority to check for. Individual authority,
                 group authority (including supplemental groups), and
                 authorizations via an authorization list are checked.

                 *USE is the default, meaning that the user must have
                 at least *USE authority to the object to cause the
                 object to be listed.

                 *CHANGE may be specified, meaning that the user must
                 have at least *CHANGE authority to the object to
                 cause the object to be listed.

                 *ALL may be specified, meaning that the user must
                 have all authority to the object to cause the object
                 to be listed.

                 *EXCLUDE may be specified, meaning that the user must
                 have a specific *EXCLUDE authority to the object to
                 cause the object to be listed.

   OBJ           The object name to be checked. The default is *ALL
                 for all objects to be checked.

                 A specific object or a generic object name may be
                 entered.

   OBJTYPE       The object type to be checked. The default is *ALL
                 for all object types to be checked.

                 A specific object type may be entered.

   INCPUB        A *YES/*NO option for whether to include the
                 '*PUBLIC to *OBJ' conditions.

                 *YES is the default, which will include the
                 conditions where the *PUBLIC user has access.

                 *NO may be specified to bypass these conditions.
                 Only the specific authorities for the individual
                 user will be included.

   OUTPUT        How to output the results. * is the default to
                 display the spooled file if the command is entered
                 interactively. The spooled file is deleted after it
                 is displayed.

                 If the command is entered in batch or *PRINT is
                 specified, the spooled file is output and retained.
Restrictions
------------
You must have *ALLOBJ special object authority to use DSPUSRAUT2.
Program adopt is not considered.
Prerequisites
-------------
The following TAA Tools must be on your system:
     CHKALLOBJ       Check all object special authority
     CHKOBJ3         Check object 3
     EDTVAR          Edit variable
     RTVAUTSRCD      Retrieve authority source description
     RTVOBJAUT       Retrieve object authority
     RTVOBJLST       Retrieve object list
     RTVSYSVAL3      Retrieve system value 3
     SNDCOMPMSG      Send completion message
     SNDESCMSG       Send escape message
     SNDSTSMSG       Send status message
Implementation
--------------
None, the tool is ready to use.
Objects used by the tool
------------------------
   Object        Type    Attribute      Src member    Src file
   ------        ----    ---------      ----------    ----------
   DSPUSRAUT2    *CMD                   TAASEFR       QATTCMD
   TAASEFRC      *PGM       CLP         TAASEFRC      QATTCL
   TAASEFRR      *PGM       RPG         TAASEFRR      QATTRPG