RVKDUPIFSA REVOKE DUPLICATE IFS AUTHORITY TAAIFTO |
The Revoke Duplicate IFS Authority command checks or revokes
duplicate authorities to the *PUBLIC user of IFS objects. You must
first run CVTIFSAUT to create an outfile of authorizations. If the
authorization for a user is the same as the *PUBLIC profile, it is
considered a duplicate (except for the owner). If the *PUBLIC user
is specified as *AUTL, the authorizations from the *AUTL are used.
Duplicates because of Group Profiles are not considered. The default
is to 'check' (a listing if produced).
*ALLOBJ special authority is required.
A typical series of commands would be:
CVTIFSAUT OBJ('/xxx') OUTLIB(QTEMP)
RVKDUPIFSA LIB(yyy)
Because the default for the OPTION parameter is *CHECK, only a
listing would be produced. After reviewing the listing, you could
remove the duplicates with:
RVKDUPIFSA OPTION(*REVOKE) LIB(QTEMP)
If you want to follow OPTION(*REVOKE) with another RVKDUPIFSA
command, you must first run CVTIFSAUT again to get the outfile of
current authorities.
RVKDUPIFSA escape messages you can monitor for
----------------------------------------------
TAA9891 The IFSAUTP file does not exist.
Escape messages from based on functions will be re-sent.
RVKDUPIFSA Command parameters *CMD
-----------------------------
OPTION The option to be used. The default is *CHECK
meaning that no authorizations are changed and a
listing is output.
*REVOKE may be specified to revoke the duplicate
authorizations. Only the duplicate authorizations
to the object are revoked.
Only duplicate authorizations for a specific user
(other than the owner) are compared to the *PUBLIC
user. If the *PUBLIC user is specified as *AUTL,
the authorizations from the *AUTL are used. Not
considered are duplicates for group profiles.
PRTPUBLIC An option for whether the *PUBLIC user of each
object will always be listed. The default is *ALL
to list the *PUBLIC user. This provides at least
one line per object.
*DUP may be specified to list the *PUBLIC user for
only those objects which have duplicates.
PRTDETAIL An option for whether to list just the duplicate
user authorizations or all authorized users. The
default is *DUP to print a single line for an
authorized user if duplicate authorities exist.
*ALL may be specified to print all users who are
authorized.
LIB The library where the IFSAUTP file exists. The file
must have been created by the CVTIFSAUT command.
*LIBL is the default. A specific library or *CURLIB
may be specified.
MBR The member of the IFSAUTP file to be used. The
default is IFSAUTP. A specific member may be named
if it was output by the CVTIFSAUT command.
OUTPUT How to output the results. * is the default to
display the spooled file if the command is entered
interactively. The spooled file is deleted after it
is displayed.
If the command is entered in batch or *PRINT is
specified, the spooled file is output and retained.
Restrictions
------------
** *ALLOBJ special authority is required.
** Group profiles are not considered.
** The maximum path length processed is 5000 bytes.
Prerequisites
-------------
The following TAA Tools must be on your system:
CHKALLOBJ Check *ALLOBJ special authority
RTVSYSVAL3 Retrieve system value 3
SNDCOMPMSG Send completion message
SNDESCINF Send escape information
SNDESCMSG Send escape message
Implementation
--------------
None, the tool is ready to use.
Objects used by the tool
------------------------
Object Type Attribute Src member Src file
------ ---- --------- ---------- ----------
RVKDUPIFSA *CMD TAAIFTO QATTCMD
TAAIFTOC *PGM CLP TAAIFTOC QATTCL
TAAIFTOC2 *PGM CLP TAAIFTOC2 QATTCL
TAAIFTOR *PGM RPG TAAIFTOR QATTRPG
|
Added to TAA Productivity tools August 1, 2008
