LMTDLTSPLF -- Limit DLTSPLF

LMTDLTSPLF LIMIT DLTSPLF TAASPLT
******************************************* * * * CAUTION. If you limit the commands * * described, there may be system or * * product functions that will fail * * because they assume that PUBLIC * has USE authority to these * commands. In general, you should * * consider restricting only menu * * controlled end users. * * * ***************************************** There are several methods of limiting users to control who can delete spooled files. This tool describes 3 typical solutions in order of complexity. LMTDLTSPLF tool. A simple command that limits users who do not have special authority. The default is to limit the commands to users who have JOBCTL authority. More restrictive control can be gained by limiting the commands to SPLCTL special authority. Using an authorization list. See the later section that describes the steps to limit the DLTSPLF and CLROUTQ commands to users who are authorized to an authorization list. Note that this does not change the CHGSPLFA command. LMTDLTSPL2 tool. This is a separate tool that allows more granular control in terms of: -- The file names to be controlled such as QPJOBLOG. -- The type of control required by spooled file including the special authorities JOBCTL/SPLCTL or if an authorization list is provided. The LMTDLTSPLF command provides the simplest solution. Only a user with ALLOBJ authority can use LMTDLTSPLF. The command to limit the deletion of spooled files to only those users with JOBCTL authority would be: LMTDLTSPLF TYPE(JOBCTL) The commands DLTSPLF, CLROUTQ, and CHGSPLFA would be changed to use a validity checking program. * When DLTSPLF or CLROUTQ is used, the validity checking program ensures the user has JOBCTL special authority. If not, the program sends a special diagnostic followed by a general escape message. * When CHGSPLFA is used, the validity checking program would prevent a user who does not have JOBCTL authority from changing the current output queue. This prevents a user from moving a spooled file to an output queue which is printing and would therefore cause the spooled file to be deleted when the spool writer has output the file. Any other spooled file parameters could be changed. You may also reset the commands to their original shipped default by specifying TYPE(NONE). Handling the escape message in a program ---------------------------------------- If you have programs that delete spooled files for users, they may fail due to the escape message that may be sent by either DLTSPLF or CLROUTQ or an attempt to change the output queue using CHGSPLFA. The escape message is the general message CPF0001 which indicates a general command failure. If you use the LMTDLTSPLF tool, the TAA9882 diagnostic message will be sent prior to the escape message to describe the specific error condition. A method of programming for this error is to use the TAA Tool RTVDIAGMSG which will allow you to retrieve the diagnostic message associated with the last escape message. Your code might look like: DLTSPLF FILE(xxxx) MONMSG MSGID(CPF0001) EXEC(DO) /* Cmd error / RTVDIAGMSG DIAGMSGID(&MSGID) IF (&MSGID EQ 'TAA9882') DO /* Not auth / / * /* Handle not authorized * /* * ENDDO /* Not auth / SNDESCMSG MSG('Command error. See previous messages') ENDDO / Cmd error / The SNDESCMSG command is a TAA Tool command to simplify sending an escape message. If you limit the commands with an authorization list, the message ID to monitor for is CPD0002. Command parameters CMD ------------------ TYPE The type of limitation you want to place on the commands. The default is JOBCTL meaning the user must have the special authority JOBCTL to perform the function. SPLCTL may also be specified. NONE may be specified to cause the specified commands to be set so that no validity checking program exists. This is the way the command is shipped by the system. When NONE is specified, the CHKEXSVLD parameter is ignored. DLTSPLF Whether to limit the DLTSPLF command. The default is YES which causes a validity checking program to be named for the command. NO does not change the command validity checking program (there may already be one specified). CLROUTQ Whether to limit the CLROUTQ command. The default is YES which causes a validity checking program to be named for the command. NO does not change the command validity checking program (there may already be one specified). CHGSPLFA Whether to limit the CHGSPLFA command so that the user cannot change the current Output Queue. The default is YES which causes a validity checking program to be named for the command. Specifying YES does not prevent the user from changing any other attributes with CHGSPLFA. NO does not change the command validity checking program (there may already be one specified). CHKEXSVLD Whether to check for an existing validity checking program on the commands to be changed. The default is YES which prevents a change if a current validity checking program already exists and is not the value to be changed to. No check occurs if you have specified NONE for the TYPE parameter. NO causes a change regardless of whether a program already exists. New system release implications ------------------------------- When a new system release is installed, the commands in QSYS are deleted and installed as shipped by the system. Therefore, you should place the LMTDLTSPLF command in a CL program along with any other changes to QSYS objects and run the program on each release. Using an Authorization list instead of LMTDLTSPLF ------------------------------------------------- The use of an authorization list allows more granular control than the simple LMTDLTSPLF command. You can provide a list of names of users who are allowed to delete spooled files. Note that this does cause any change to CHGSPLFA. You could consider the LMTDLTSPLF command for just the CHGSPLFA command. The following steps describe how to do this. You must be a user with ALLOBJ authority to do these steps. 1. Create an authorization list or use an existing one. A sample create command would be: CRTAUTL AUTL(DLTSPLF) AUT(EXCLUDE) TEXT('Used to limit DLTSPLF and CLROUTQ') 2. Use EDTAUTL to add the users to the list that you want authorized to DLTSPLF and CLROUTQ. When the display appears, add the users and specify the Object Authority as USE. EDTAUTL AUTL(DLTSPLF) 3. Use the following commands to change the DLTSPLF command to use the authority from the authorization list. GRTOBJAUT OBJ(DLTSPLF) OBJTYPE(CMD) USER(PUBLIC) AUT(EXCLUDE) GRTOBJAUT OBJ(DLTSPLF) OBJTYPE(CMD) AUTL(DLTSPLF) 4. Use the following commands to change the CLROUTQ command to use the authority from the authorization list. GRTOBJAUT OBJ(CLROUTQ) OBJTYPE(CMD) USER(PUBLIC) AUT(EXCLUDE) GRTOBJAUT OBJ(CLROUTQ) OBJTYPE(CMD) AUTL(DLTSPLF) You must use the Authorization list method if you have the S/38 Environment on your system to control the commands CNLSPLF and CLROUTQ. Restrictions ------------ Only a user with ALLOBJ special authority may use LMTDLTSPLF. Any APIs that may exist that allow deletion of spooled files or changes to file attributes are not considered. If you have the S/38 environment on your system, you must use the Authorization list method to prevent the use of CNLSPLF and CLROUTQ from the S/38 environment library. Prerequisites ------------- The following TAA Tools must be on your system: CHKALLOBJ Check ALLOBJ special authority RTVCMDA Retrieve command attributes RTVSPCAUT Retrieve special authority SNDCOMPMSG Send completion message SNDESCMSG Send escape message Implementation -------------- None, the tool is ready to use. Objects used by the tool ------------------------ Object Type Attribute Src member Src file ------ ---- --------- ---------- ---------- LMTDLTSPLF CMD TAASPLT QATTCMD TAASPLTC PGM CLP TAASPLTC QATTCL TAASPLTC2 PGM CLP TAASPLTC2 QATTCL TAASPLTC3 PGM CLP TAASPLTC3 QATTCL TAASPLTC4 PGM CLP TAASPLTC4 QATTCL TAASPLTC5 PGM CLP TAASPLTC5 QATTCL TAASPLTC6 PGM CLP TAASPLTC6 QATTCL TAASPLTC7 PGM CLP TAASPLTC7 QATTCL Structure --------- LMTDLTSPLF Cmd TAASPLTC CL pgm Validity checking programs Command JOBCTL SPLCTL -------- --------- --------- DLTSPLF TAASPLTC2 TAASPLTC3 CLROUTQ TAASPLTC4 TAASPLTC5 CHGSPLFA TAASPLTC6 TAASPLTC7

LMTDLTSPLF      LIMIT DLTSPLF                          TAASPLT


             *******************************************
             *                                         *
             *    CAUTION.  If you limit the commands  *
             *    described, there may be system or    *
             *    product functions that will fail     *
             *    because they assume that *PUBLIC     *
             *    has *USE authority to these          *
             *    commands.  In general, you should    *
             *    consider restricting only menu       *
             *    controlled end users.                *
             *                                         *
             *******************************************

There are several methods  of limiting users to control  who can delete
spooled  files.  This  tool describes 3  typical solutions in  order of
complexity.

  **   LMTDLTSPLF  tool.   A simple  command that  limits users  who do
       not  have special  authority.    The  default is  to  limit  the
       commands   to  users   who   have  *JOBCTL   authority.     More
       restrictive  control can be  gained by limiting  the commands to
       *SPLCTL special authority.

  **   Using  an authorization  list.    See  the  later  section  that
       describes the  steps to limit  the DLTSPLF and  CLROUTQ commands
       to  users who  are authorized  to an  authorization list.   Note
       that this does not change the CHGSPLFA command.

  **   LMTDLTSPL2 tool.   This  is  a separate  tool that  allows  more
       granular control in terms of:

         --   The file names to be controlled such as QPJOBLOG.

         --   The type  of control required  by spooled  file including
              the   special  authorities   *JOBCTL/*SPLCTL  or   if  an
              authorization list is provided.

The  LMTDLTSPLF command  provides the simplest  solution.   Only a user
with *ALLOBJ authority can use LMTDLTSPLF.

The command  to  limit the  deletion  of spooled  files  to only  those
users with *JOBCTL authority would be:

        LMTDLTSPLF    TYPE(*JOBCTL)

The commands DLTSPLF,  CLROUTQ, and CHGSPLFA would be  changed to use a
validity checking program.

  **   When  DLTSPLF or CLROUTQ is used,  the validity checking program
       ensures the user  has *JOBCTL  special authority.   If not,  the
       program  sends  a  special  diagnostic  followed  by  a  general
       escape message.

  **   When  CHGSPLFA  is used,  the  validity  checking program  would
       prevent  a  user  who  does  not  have  *JOBCTL  authority  from
       changing the current  output queue.   This prevents a  user from
       moving a  spooled file to an output queue  which is printing and
       would  therefore cause the  spooled file to  be deleted when the
       spool writer  has  output  the file.    Any other  spooled  file
       parameters could be changed.

You may  also reset the commands  to their original  shipped default by
specifying TYPE(*NONE).

Handling the escape message in a program
----------------------------------------

If  you have  programs that  delete spooled files  for users,  they may
fail due to the  escape message that may be  sent by either DLTSPLF  or
CLROUTQ or an attempt  to change the output queue  using CHGSPLFA.  The
escape  message  is  the  general  message  CPF0001 which  indicates  a
general command failure.  If you  use the LMTDLTSPLF tool, the  TAA9882
diagnostic  message  will  be sent  prior  to  the  escape  message  to
describe the specific error condition.

A  method  of  programming for  this  error  is  to  use the  TAA  Tool
RTVDIAGMSG  which  will allow  you to  retrieve the  diagnostic message
associated with the last escape message.

Your code might look like:

             DLTSPLF    FILE(xxxx)
             MONMSG     MSGID(CPF0001) EXEC(DO) /* Cmd error */
             RTVDIAGMSG DIAGMSGID(&MSGID)
             IF         (&MSGID *EQ 'TAA9882') DO /* Not auth */
                        /*                                    *
                        /*     Handle not authorized          *
                        /*                                    *
             ENDDO      /* Not auth */
             SNDESCMSG  MSG('Command error.  See previous messages')
             ENDDO      /* Cmd error */

The SNDESCMSG  command is  a TAA Tool  command to  simplify sending  an
escape message.

If you  limit the commands with  an authorization list, the  message ID
to monitor for is CPD0002.

Command parameters                                    *CMD
------------------

   TYPE          The  type  of  limitation you  want  to  place  on the
                 commands.   The default  is *JOBCTL  meaning the  user
                 must  have the  special authority  *JOBCTL to  perform
                 the function.  *SPLCTL may also be specified.

                 *NONE   may  be  specified  to   cause  the  specified
                 commands to  be  set  so  that  no  validity  checking
                 program  exists.   This  is  the  way the  command  is
                 shipped by  the system.  When *NONE  is specified, the
                 CHKEXSVLD parameter is ignored.

   DLTSPLF       Whether  to limit  the DLTSPLF  command.   The default
                 is *YES which  causes a  validity checking program  to
                 be named for the command.

                 *NO  does not  change  the  command validity  checking
                 program (there may already be one specified).

   CLROUTQ       Whether  to limit  the CLROUTQ  command.   The default
                 is *YES which  causes a  validity checking program  to
                 be named for the command.

                 *NO  does not  change  the  command validity  checking
                 program (there may already be one specified).

   CHGSPLFA      Whether  to  limit the  CHGSPLFA command  so  that the
                 user cannot  change the  current  Output Queue.    The
                 default  is  *YES which  causes  a  validity  checking
                 program  to  be named  for  the  command.   Specifying
                 *YES  does  not  prevent the  user  from  changing any
                 other attributes with CHGSPLFA.

                 *NO  does not  change  the command  validity  checking
                 program (there may already be one specified).

   CHKEXSVLD     Whether  to check  for an  existing validity  checking
                 program  on the commands  to be changed.   The default
                 is  *YES  which  prevents   a  change  if  a   current
                 validity checking  program already  exists and  is not
                 the value to be changed to.

       No  check  occurs  if you  have  specified  *NONE  for the  TYPE
       parameter.

                 *NO causes a  change regardless of  whether a  program
                 already exists.

New system release implications
-------------------------------

When  a new  system release  is  installed, the  commands  in QSYS  are
deleted and installed as shipped by the system.

Therefore,  you should  place the  LMTDLTSPLF command  in a  CL program
along  with any other  changes to QSYS  objects and run  the program on
each release.

Using an Authorization list instead of LMTDLTSPLF
-------------------------------------------------

The use  of an  authorization list  allows more  granular control  than
the simple  LMTDLTSPLF command.   You  can provide a  list of  names of
users who are allowed to delete spooled files.

Note  that this does cause any change  to CHGSPLFA.  You could consider
the LMTDLTSPLF command for just the CHGSPLFA command.

The following steps describe how to do  this.  You must be a user  with
*ALLOBJ authority to do these steps.

  1.   Create an authorization  list or use an existing one.   A sample
       create command would be:

              CRTAUTL    AUTL(DLTSPLF) AUT(*EXCLUDE)
                           TEXT('Used to limit DLTSPLF and CLROUTQ')

  2.   Use  EDTAUTL  to  add  the  users  to  the  list that  you  want
       authorized to DLTSPLF  and CLROUTQ.   When the display  appears,
       add the users and specify the Object Authority as *USE.

              EDTAUTL    AUTL(DLTSPLF)

  3.   Use the  following  commands to  change the  DLTSPLF command  to
       use the authority from the authorization list.

              GRTOBJAUT  OBJ(DLTSPLF) OBJTYPE(*CMD)
                           USER(*PUBLIC) AUT(*EXCLUDE)

              GRTOBJAUT  OBJ(DLTSPLF) OBJTYPE(*CMD)
                           AUTL(DLTSPLF)

  4.   Use  the following  commands to  change  the CLROUTQ  command to
       use the authority from the authorization list.

              GRTOBJAUT  OBJ(CLROUTQ) OBJTYPE(*CMD)
                           USER(*PUBLIC) AUT(*EXCLUDE)

              GRTOBJAUT  OBJ(CLROUTQ) OBJTYPE(*CMD)

                           AUTL(DLTSPLF)

You  must  use  the Authorization  list  method  if you  have  the S/38
Environment  on  your  system  to  control  the  commands  CNLSPLF  and
CLROUTQ.

Restrictions
------------

Only a user with *ALLOBJ special authority may use LMTDLTSPLF.

Any  APIs  that may  exist  that allow  deletion  of  spooled files  or
changes to file attributes are not considered.

If  you have  the S/38  environment on  your system,  you must  use the
Authorization list method  to prevent  the use of  CNLSPLF and  CLROUTQ
from the S/38 environment library.

Prerequisites
-------------

The following TAA Tools must be on your system:

     CHKALLOBJ       Check *ALLOBJ special authority
     RTVCMDA         Retrieve command attributes
     RTVSPCAUT       Retrieve special authority
     SNDCOMPMSG      Send completion message
     SNDESCMSG       Send escape message

Implementation
--------------

None, the tool is ready to use.

Objects used by the tool
------------------------

   Object        Type    Attribute      Src member    Src file
   ------        ----    ---------      ----------    ----------

   LMTDLTSPLF    *CMD                   TAASPLT       QATTCMD
   TAASPLTC      *PGM       CLP         TAASPLTC      QATTCL
   TAASPLTC2     *PGM       CLP         TAASPLTC2     QATTCL
   TAASPLTC3     *PGM       CLP         TAASPLTC3     QATTCL
   TAASPLTC4     *PGM       CLP         TAASPLTC4     QATTCL
   TAASPLTC5     *PGM       CLP         TAASPLTC5     QATTCL
   TAASPLTC6     *PGM       CLP         TAASPLTC6     QATTCL
   TAASPLTC7     *PGM       CLP         TAASPLTC7     QATTCL

Structure
---------

LMTDLTSPLF  Cmd
   TAASPLTC   CL pgm

Validity checking programs

   Command     *JOBCTL     *SPLCTL
   --------    ---------   ---------

   DLTSPLF     TAASPLTC2   TAASPLTC3
   CLROUTQ     TAASPLTC4   TAASPLTC5
   CHGSPLFA    TAASPLTC6   TAASPLTC7

Added to TAA Productivity tools May 1, 1996

Home Page

Up to Top