TAA Tools

The Execute using *JOBCTL  command is intended for the  situation where
the  user  needs  *JOBCTL  authority,  but  should not  be  permanently
authorized.    Specific TAA  functions are  supported and  the Security
Officer may authorize other commands.   The user must be  authorized to
the TAAJOBCTL authorization list.

A typical command would be:

                           CMDSTRING('STATUS(*ALL) OUTLIB(QTEMP)')

The  EXCJOBCTL  command  checks  the  CMD  parameter  for  one  of  its
supported  commands.  If the command is  not supported, CPF9898 is sent
as an escape message.

If the  command  is  supported,  the command  and  command  string  are
concatenated  together and  executed using  QCMDEXC in  a program  that
adopts  the  QSECOFR  user  profile  (thus  obtaining  *JOBCTL  special

Supported commands

There are two types of supported commands:

  **   Implicitly supported  commands.   The following  is provided  by
       the TAA Productivity Tools:

                CVTWRKUSR      Convert Work User

  **   Explicitly  supported commands.    You  must enter  the  command
       name into the  TAAJOBCTL data area in TAASECURE.   It could be a
       system  command,  a TAA  Productivity  Tool command,  or  a user
       written command.  As the Security Officer enter:


       An  entry display  will  appear  and  you  may enter  up  to  45
       command names that may be executed using EXCJOBCTL.

       You must  enter a  specific library name  such as QSYS  (this is
       done  for security reasons  described later).  An  entry for the
       system DSPJOB command should appear as:

                        DSPJOB           QSYS

       However, when  EXCJOBCTL  runs,  only  the  unqualified  portion
       (the command name) is searched for in the data area.

Security handling

Any implicitly  supported TAATOOL commands  are always executed  with a
qualified  name (such as  TAATOOL/CVTWRKUSR).  Any  commands entered in
the EXCJOBCTL  data  area in  TAASECURE  are always  qualified  to  the
library specified in the data area.

The intent  of using a  qualified command is  to prevent misuse  of the
library  list where  the user  may have  his own  version of  a command
name.   Since  the EXCJOBCTL  program operates  under the  authority of
QSECOFR,  it is  important  that  the  specific  intended  function  be
executed and not a bogus version.

Command parameters                                    *CMD

   CMD           The command  name to  be executed.   Only the  list of
                 valid  commands may  be specified.   See  the previous
                 discussion.   The  command  must  be  on  the  library

   CMDSTRING     The  remainder of  the command  string (not  including
                 the command name) to be executed.


  **   The  user  must  be authorized  to  the  TAAJOBCTL authorization

  **   Only commands supported by EXCJOBCTL may be executed.


The following TAA Tools must be on your system:

     CONARR          Constant array
     RSNLSTMSG       Resend last message
     SNDESCMSG       Send escape message


None, the tool  is ready to  use, but  the user must  be authorized  to
the TAAJOBCTL  authorization list.   To authorize  a user, use  EDTAUTL
or specify:


If  additional  commands   are  required  besides  those  supported  by
EXCJOBCTL,   use  the  TAAJOBCTL   data  area  in   QSYS  as  described

Objects used by the tool

   Object        Type    Attribute      Src member    Src file
   ------        ----    ---------      ----------    ----------

   EXCJOBCTL     *CMD                   TAAJOCI       QATTCMD
   TAAJOCIC      *PGM       CLP         TAAJOCIC      QATTCL

Added to TAA Productivity tools October 1, 1997

Home Page Up to Top