The Display with adopt tool is a series of DSP commands that perform
the same function as system commands except that they adopt the
security officer's profile while in execution. This allows a user
who is authorized to the TAADSPADP authorization list to display the
object description or attribute level of information regardless of
the security on the object or library.
This is useful for auditors or for programmers who require something
less than *ALLOBJ authority.
None of the commands allow the user to display any data (data base or
data areas) nor can the user make any changes to the objects.
No No user (unless he has *ALLOBJ authority) can use the commands
unless explicitly authorized to TAADSPADP.
The following are the commands provided:
Command Description Command
------- ------------ -------
DSPCLSA Display class DSPCLS
DSPCMDA Display command DSPCMD
DSPDBRA Display data base relations DSPDBR
DSPFDA Display file description DSPFD
DSPFFDA Display file field description DSPFFD
DSPJOBDA Display job description DSPJOBD
DSPLIBA Display library DSPLIB
DSPOBJAUTA Display object authority DSPOBJAUT
DSPOBJDA Display object description DSPOBJD
DSPPGMA Display program DSPPGM
DSPPGMADPA Display program adopt DSPPGMADP
DSPPGMREFA Display program references DSPPGMREF
DSPSAVFA Display save file DSPSAVF
DSPSBSDA Display subsystem description DSPSBSD
DSPUSRPRFA Display user profile DSPUSRPRF
The commands allow an authorized user to perform a reasonable degree
of trouble shooting on the system or allow a user to perform system
wide functions that in most cases will not negate security
For example, there are many cases where private libraries exist and a
function is needed to operate across the entire system. Many of the
TAA tools such as PRTDBFEXP and PRTLIBANL require a user who has
*ALLOBJ authority to operate on all libraries. These TAA tools use
the DSPxxxA commands and therefore only require authority to the
TAADSPADP authorization list. See the section on tools which require
The DSPxxxA commands use the same prompts as the DSPxxx command they
A typical command might be to review all of the job descriptions in a
library. The user of the command (assuming he has authorization to
TAADSPADP) does not need any authorization to the library or objects.
DSPOBJDA OBJ(xxx/*ALL) OBJTYPE(*JOBD)
All of the commands in the above list that support outfiles can be
used to create data base files.
Command parameters *CMD
See the command being emulated.
DSPADP is owned by QSECOFR. The profile is adopted during execution.
To use one of the commands, a user must be authorized to the
TAADSPADP authorization list.
None of the DSPxxxA commands allow any change capability nor do they
allow a user to see any data within the objects. For example, no
data base file can be read, a data area cannot be displayed, a
message file or message queue cannot be read etc.
You must review the list of commands and decide whether you consider
any of the capabilities to be security sensitive. In most
situations, displays of object level information or the detail
description of an object like a job description would not be
considered security sensitive.
Commands which create an outfile require that if the file exists, the
same format be used. Therefore, it is impossible to delete
application data unless it was originally created using the same
format as the outfile.
TAA tools which require DSPADP
Several TAA tools require that the DSPxxxA commands exist in order to
If the user of a tool like PRTDBFEXP specifies a single library, the
tool checks to see if he is authorized to TAADSPADP. If not, the
normal DSPFD command is executed using the users own authority. If
the user is not authorized to the library or the objects, an error
will occur. If the user is authorized to TAADSPADP, the DSPFDA
command is executed. In order to specify LIB(*ALL), the user must be
authorized to TAADSPADP.
If the user has *ALLOBJ authority, the user is already authorized to
the TAADSPADP and does not need specific authority.
The following describes the tools that use one or more of the DSPADP
commands (this list may not be complete).
TAA tool DSPADP command dependency
CHKSAV DSPOBJDA, DSPFDA
PRTLIBANL DSPFDA, DSPOBJDA, DSPUSRPRFA
The user must have *USE authority to the TAADSPADP authorization
The following TAA Tools must be on your system:
EXTLST Extract list
EXTLST2 Extract list 2
SNDCOMPMSG Send completion message
The tool is ready to use, but the users of the commands must be
authorized to the the TAADSPADP authorization list. Use either
EDTAUTL or specify:
ADDAUTLE AUTL(TAADSPADP) USER(xxxx) AUT(*USE)
If you want to review the objects that use the authorization list,
use DSPAUTL or EDTAUTL and the F15 key.
If you want to prevent the use of one of the DSPxxxA commands, you
can remove it from the authorization list. You must do this on each
release. Use the EDTOBJAUT list on both the command and the CPP to
change the authorization list to *NONE.
Objects used by the tool
Object Type Attribute Src member Src file
------ ---- --------- ---------- ----------
DSPCLSA *CMD TAAADPA4 QATTCMD
DSPCMDA *CMD TAAADPA14 QATTCMD
DSPDBRA *CMD TAAADPA12 QATTCMD
DSPFDA *CMD TAAADPA7 QATTCMD
DSPFFDA *CMD TAAADPA8 QATTCMD
DSPJOBDA *CMD TAAADPA3 QATTCMD
DSPLIBA *CMD TAAADPA2 QATTCMD
DSPOBJAUTA *CMD TAAADPA15 QATTCMD
DSPOBJDA *CMD TAAADPA QATTCMD
DSPPGMA *CMD TAAADPA5 QATTCMD
DSPPGMADPA *CMD TAAADPA11 QATTCMD
DSPPGMREFA *CMD TAAADPA9 QATTCMD
DSPSAVF *CMD TAAADPA13 QATTCMD
DSPSBSDA *CMD TAAADPA6 QATTCMD
DSPUSRPRFA *CMD TAAADPA10 QATTCMD
TAAADPAC *PGM CLP TAAADPAC QATTCL
TAAADPAC2 *PGM CLP TAAADPAC2 QATTCL
TAAADPAC3 *PGM CLP TAAADPAC3 QATTCL
TAAADPAC4 *PGM CLP TAAADPAC4 QATTCL
TAAADPAC5 *PGM CLP TAAADPAC5 QATTCL
TAAADPAC6 *PGM CLP TAAADPAC6 QATTCL
TAAADPAC7 *PGM CLP TAAADPAC7 QATTCL
TAAADPAC8 *PGM CLP TAAADPAC8 QATTCL
TAAADPAC9 *PGM CLP TAAADPAC9 QATTCL
TAAADPAC10 *PGM CLP TAAADPAC10 QATTCL
TAAADPAC11 *PGM CLP TAAADPAC11 QATTCL
TAAADPAC12 *PGM CLP TAAADPAC12 QATTCL
TAAADPAC13 *PGM CLP TAAADPAC13 QATTCL
TAAADPAC14 *PGM CLP TAAADPAC14 QATTCL
TAAADPAC15 *PGM CLP TAAADPAC15 QATTCL
TAAADPAC22 *PGM CLP TAAADPAC22 QATTCL
The sub program TAAADPAC22 which is used to execute the EXTLST
command is used by TAAADPAC and TAAADPAC2.