DSPADP          DISPLAY WITH ADOPT                         TAAADPA

 The Display with  adopt tool is a  series of DSP commands  that perform
 the  same  function  as system  commands  except  that  they adopt  the
 security  officer's profile  while in  execution.   This allows  a user
 who is authorized  to the TAADSPADP  authorization list to display  the
 object  description or  attribute  level of  information regardless  of
 the security on the object or library.

 This  is useful for  auditors or for programmers  who require something
 less than *ALLOBJ authority.

 None of the commands allow the  user to display any data (data base  or
 data areas) nor can the user make any changes to the objects.

 No  No user  (unless he  has *ALLOBJ  authority) can  use the  commands
 unless explicitly authorized to TAADSPADP.

 The following are the commands provided:

       TAA                                              System
     Command          Description                       Command
     -------          ------------                      -------

     DSPCLSA          Display class                     DSPCLS
     DSPCMDA          Display command                   DSPCMD
     DSPDBRA          Display data base relations       DSPDBR
     DSPFDA           Display file description          DSPFD
     DSPFFDA          Display file field description    DSPFFD
     DSPJOBDA         Display job description           DSPJOBD
     DSPLIBA          Display library                   DSPLIB
     DSPOBJAUTA       Display object authority          DSPOBJAUT
     DSPOBJDA         Display object description        DSPOBJD
     DSPPGMA          Display program                   DSPPGM
     DSPPGMADPA       Display program adopt             DSPPGMADP
     DSPPGMREFA       Display program references        DSPPGMREF
     DSPSAVFA         Display save file                 DSPSAVF
     DSPSBSDA         Display subsystem description     DSPSBSD
     DSPUSRPRFA       Display user profile              DSPUSRPRF

 The  commands allow an authorized  user to perform  a reasonable degree
 of trouble shooting  on the system  or allow a user  to perform  system
 wide  functions   that  in   most  cases   will  not  negate   security
 requirements.

 For example,  there are many cases where private  libraries exist and a
 function  is needed to operate  across the entire system.   Many of the
 TAA tools  such  as PRTDBFEXP  and  PRTLIBANL require  a  user who  has
 *ALLOBJ authority  to operate  on all libraries.   These TAA  tools use
 the  DSPxxxA  commands  and therefore  only  require  authority  to the
 TAADSPADP authorization list.  See  the section on tools which  require
 DSPADP.

 The DSPxxxA  commands use the same  prompts as the DSPxxx  command they
 are emulating.

 A typical  command might be to review all of  the job descriptions in a
 library.  The  user of the  command (assuming he  has authorization  to
 TAADSPADP) does not need  any authorization to the library  or objects.

         DSPOBJDA    OBJ(xxx/*ALL) OBJTYPE(*JOBD)

 All  of the commands  in the  above list  that support outfiles  can be
 used to create data base files.

 Command parameters                                    *CMD
 ------------------

 See the command being emulated.

 Security considerations
 -----------------------

 DSPADP  is owned by QSECOFR.   The profile is adopted during execution.

 To  use  one of  the  commands,  a  user  must  be  authorized  to  the
 TAADSPADP authorization list.

 None of  the DSPxxxA commands allow  any change capability  nor do they
 allow  a user  to see  any data  within the objects.   For  example, no
 data base  file  can  be read,  a  data  area cannot  be  displayed,  a
 message file or message queue cannot be read etc.

 You must  review the list of  commands and decide whether  you consider
 any   of  the  capabilities  to   be  security  sensitive.     In  most
 situations,  displays  of  object  level  information  or  the   detail
 description  of  an  object  like  a  job   description  would  not  be
 considered security sensitive.

 Commands which  create an outfile require that if  the file exists, the
 same   format  be  used.    Therefore,   it  is  impossible  to  delete
 application  data unless  it  was  originally created  using  the  same
 format as the outfile.

 TAA tools which require DSPADP
 ------------------------------

 Several TAA tools  require that the DSPxxxA commands  exist in order to
 be created.

 If  the user of a  tool like PRTDBFEXP specifies  a single library, the
 tool checks  to see if  he is  authorized to  TAADSPADP.   If not,  the
 normal DSPFD  command is executed  using the users  own authority.   If
 the  user is  not authorized to  the library  or the objects,  an error
 will occur.    If the  user  is  authorized to  TAADSPADP,  the  DSPFDA
 command is executed.   In order to specify LIB(*ALL), the  user must be
 authorized to TAADSPADP.

 If the  user has *ALLOBJ  authority, the user is  already authorized to
 the TAADSPADP and does not need specific authority.

 The  following describes the tools  that use one or  more of the DSPADP
 commands (this list may not be complete).

      TAA tool       DSPADP command dependency
      --------       -------------------------

      CHKDBD         DSPFDA
      CHKOBJDMG      DSPOBJDA
      CHKSAV         DSPOBJDA, DSPFDA
      PRTDBFEXP      DSPFDA
      PRTLIBANL      DSPFDA, DSPOBJDA, DSPUSRPRFA
      PRTSAVSTS      DSPOBJDA

 Restrictions
 ------------

 The user  must  have  *USE  authority to  the  TAADSPADP  authorization
 list.

 Prerequisites
 -------------

 The following TAA Tools must be on your system:

           EXTLST        Extract list
           EXTLST2       Extract list 2
           SNDCOMPMSG    Send completion message

 Implementation
 --------------

 The  tool is  ready  to use,  but the  users  of the  commands  must be
 authorized  to  the  the  TAADSPADP  authorization  list.   Use  either
 EDTAUTL or specify:

        ADDAUTLE      AUTL(TAADSPADP) USER(xxxx) AUT(*USE)

 If you  want to review  the objects  that use  the authorization  list,
 use DSPAUTL or EDTAUTL and the F15 key.

 If you  want to  prevent the use  of one of  the DSPxxxA  commands, you
 can remove  it from the authorization  list.  You must  do this on each
 release.  Use the  EDTOBJAUT list on  both the command  and the CPP  to
 change the authorization list to *NONE.

 Objects used by the tool
 ------------------------

    Object        Type        Attribute      Src member    Src file
    ------        ----        ---------      ----------    ----------

    DSPCLSA       *CMD                       TAAADPA4      QATTCMD
    DSPCMDA       *CMD                       TAAADPA14     QATTCMD
    DSPDBRA       *CMD                       TAAADPA12     QATTCMD
    DSPFDA        *CMD                       TAAADPA7      QATTCMD
    DSPFFDA       *CMD                       TAAADPA8      QATTCMD
    DSPJOBDA      *CMD                       TAAADPA3      QATTCMD
    DSPLIBA       *CMD                       TAAADPA2      QATTCMD
    DSPOBJAUTA    *CMD                       TAAADPA15     QATTCMD
    DSPOBJDA      *CMD                       TAAADPA       QATTCMD
    DSPPGMA       *CMD                       TAAADPA5      QATTCMD
    DSPPGMADPA    *CMD                       TAAADPA11     QATTCMD
    DSPPGMREFA    *CMD                       TAAADPA9      QATTCMD
    DSPSAVF       *CMD                       TAAADPA13     QATTCMD
    DSPSBSDA      *CMD                       TAAADPA6      QATTCMD
    DSPUSRPRFA    *CMD                       TAAADPA10     QATTCMD
    TAAADPAC      *PGM           CLP         TAAADPAC      QATTCL
    TAAADPAC2     *PGM           CLP         TAAADPAC2     QATTCL
    TAAADPAC3     *PGM           CLP         TAAADPAC3     QATTCL
    TAAADPAC4     *PGM           CLP         TAAADPAC4     QATTCL
    TAAADPAC5     *PGM           CLP         TAAADPAC5     QATTCL
    TAAADPAC6     *PGM           CLP         TAAADPAC6     QATTCL
    TAAADPAC7     *PGM           CLP         TAAADPAC7     QATTCL
    TAAADPAC8     *PGM           CLP         TAAADPAC8     QATTCL
    TAAADPAC9     *PGM           CLP         TAAADPAC9     QATTCL
    TAAADPAC10    *PGM           CLP         TAAADPAC10    QATTCL
    TAAADPAC11    *PGM           CLP         TAAADPAC11    QATTCL
    TAAADPAC12    *PGM           CLP         TAAADPAC12    QATTCL
    TAAADPAC13    *PGM           CLP         TAAADPAC13    QATTCL
    TAAADPAC14    *PGM           CLP         TAAADPAC14    QATTCL
    TAAADPAC15    *PGM           CLP         TAAADPAC15    QATTCL
    TAAADPAC22    *PGM           CLP         TAAADPAC22    QATTCL

 Structure
 ---------

      Command             CPP
      -------             ---

      DSPCLSA             TAAADPAC4
      DSPCMDA             TAAADPAC14
      DSPDBRA             TAAADPAC12
      DSPFDA              TAAADPAC7
      DSPFFDA             TAAADPAC8
      DSPJOBDA            TAAADPAC3
      DSPLIBA             TAAADPAC2
      DSPOBJAUTA          TAAADPAC15
      DSPOBJDA            TAAADPAC
      DSPPGMA             TAAADPAC5
      DSPPGMADPA          TAAADPAC11
      DSPPGMREFA          TAAADPAC9
      DSPSAVFA            TAAADPAC13
      DSPSBSDA            TAAADPAC6
      DSPUSRPRFA          TAAADPAC10

 The  sub  program  TAAADPAC22 which  is  used  to  execute  the  EXTLST
 command is used by TAAADPAC and TAAADPAC2.

Added to TAA Productivity Tools April 1, 1995


Home Page

Last modified on March 10, 2014 © 1995, 2014 - TAA Tools, Inc.