DSPJOB3 Display Job 3

DSPJOB3 DISPLAY JOB 3 TAAJODC
The Display Job 3 command allows a user who has *USE authority to the TAAJOBCTL authorization list to perform DSPJOB functions for a job that is not his own. This allows trusted individuals (such as programmers) to have DSPJOB capability as if they had *JOBCTL special authority without directly specifying *JOBCTL in their user profile. The *JOBCTL special authority provides a lot of capability such as: - Display any job - Display spooled file data for any job, change the spooled file, delete the spooled file (except for spooled files in 'private output queues') - Change any job - End any job - Clear job queues - Clear output queues - Power down the system Because of this, some installations want to minimize the use of *JOBCTL special authority, but still have a need to allow some users to display jobs that are not their own. DSPJOB3 provides this capability by allowing trusted users to be authorized to the TAAJOBCTL authorization list. DSPJOB3 supports the same parameters as the system DSPJOB command. A typical command would be: DSPJOB3 JOB(xxx) Assuming the user was authorized, the TAA DSPJOB3 menu would appear which has the same options as the system DSPJOB menu. The DSPJOB3 command is authorized for PUBLIC(*USE). This allows any user to use the command, but the following rules exist: ** If a user has no authority to the TAAJOBCTL authorization list and does not have *JOBCTL special authority, the user can only operate on his own jobs (TAA9894 is sent as an escape message if the user is not the owner of the job). ** If a user has *USE authority to the TAAJOBCTL authorization list or has *JOBCTL special authority, the user can display a job which is not his own (it is also possible to adopt authority to *JOBCTL in a program that runs the DSPJOB3 command). Two restrictions exist when displaying a job other than your own (these are the same as supported by the system DSPJOB command): -- Spooled files which exist in a 'private output queue' can be listed, but the data cannot be displayed unless the user has *SPLCTL special authority (it is not adopted). A 'private output queue' is created by the CRTOUTQ command OPRCTL(*NO) function. -- The DSPJOB OPTION(*JOBLOG) is prevented if the user running the command does not have *ALLOBJ special authority and attempts to display a job of a user who has *ALLOBJ special authority. Duplicate job handling ---------------------- If a fully qualified job name is not entered, there may be duplicate jobs for the same values entered (either Job or Job/User). DSPJOB3 supports the same DSPDUPJOB parameter as on DSPJOB. The default is *SELECT to display a menu of the duplicates. This occurs by using the TAA DSPDUPJOB display and the user may select the job to be displayed. If DSPDUPJOB(*MSG) is specified, the CPF1069 escape message (same ID used by DSPJOB) will be sent if duplicates exist. TAAJOBCTL Authorization List ---------------------------- The TAAJOBCTL authorization list allows certain TAA Tools to function as if the user was directly authorized to *JOBCTL special authority. By authorizing a user to *USE authority to the Authorization List, you enable the user to do a few other functions which are similar to DSPJOB3. The EXCJOBCTL command is under control of the TAAJOBCTL authorization list. The EXCJOBCTL command allows a user to run some standard TAA functions such as CVTWRKUSR which creates an outfile of job information. The Security Officer may also specify what other commands may be run under *JOBCTL special authority. See the discussion with the EXCJOBCTL tool. TAAJOBCTL Special profile ------------------------- The owner of the DSPJOB3 processing program (TAAJODCC) is TAAJOBCTL. This special profile is created when installing the TAA Productivity Tools and has the special authority *JOBCTL. No other special authorities exist. The profile is created with PASSWORD(*NONE) so it may not be signed onto. The processing program (TAAJODCC) adopts the owners authority (TAAJOBCTL) during the running of the program. Checking for authorization is done using a program that 'unadopts'. The purpose of using the TAAJOBCTL user profile (rather than QSECOFR who owns other TAATOOL objects) is to prevent the adoption of *SPLCTL. *SPLCTL special authority allows access to any spooled file including those in 'private output queues'. Unless the user of the DSPJOB3 command is the same as the user of the job (or the the user of the command has the *SPLCTL special authority), spooled files in 'private output queues' cannot be displayed with DSPJOB3. When the TAA Productivity Tools are installed, the TAAJOBCTL user profile and DSPJOB3 program are set to allow correct processing. During the execution of the DSPJOB3 program, the program owner and user profile are checked to ensure that: ** The DSPJOB3 program is owned by TAAJOBCTL. ** The TAAJOBCTL user profile has the special authority *JOBCTL and no other special authorities. DSPJOB3 escape messages you can monitor for -------------------------------------------- CPF1069 If duplicate jobs exist and DSPDUPJOB(*MSG) CPF1070 The job could not be found TAA9894 Not authorized to another users job - User is not authorized to TAAJOBCTL *AUTL Escape messages from based on functions will be re-sent. Command parameters *CMD ------------------ JOB The qualified name of the job to be displayed. * is the default meaning the current job. The user must be authorized to display the job either because 1) it is his own, 2) he has *JOBCTL special authority, or 3) he is authorized to the TAAJOBCTL authorization list. The same restrictions relative to OPTION(*SPLF) and OPTION(*JOBLOG) as exist for the system DSPJOB command also exist for DSPJOB3. See the previous discussion. OUTPUT How to output the results. * is the default which means to display the results if the command is run interactively. If the command is run in batch or *PRINT is specified, the results are printed by DSPJOB. OPTION The name of the special value whose information is displayed. The choices are the same as appear on the DSPJOB command. Use the ? function in the parameter for the complete list. DUPJOBOPT The action to perform if duplicate jobs exist for the same values entered (such as duplicate jobs for a job name or a job/user name). The default is *SELECT which causes the TAA DSPDUPJOB menu to appear so an individual job may be selected. *MSG may be specified to cause the CPF1069 escape message. Restrictions ------------ See the previous comments about authorization. Prerequisites ------------- The following TAA Tools must be on your system: CHKJOBCTL Check job control DSPDUPJOB Display duplicate job RTVJOBSTS Retrieve job status SNDCOMPMSG Send completion message SNDESCMSG Send escape message Implementation -------------- None, the tool is ready to use. Objects used by the tool ------------------------ Object Type Attribute Src member Src file ------ ---- --------- ---------- ---------- DSPJOB3 *CMD TAAJODC QATTCMD TAAJODCC *PGM CLP TAAJODCC QATTCL TAAJODCD *FILE DSPF TAAJODCD QATTDDS Note that the TAAJODCC program is owned by the TAAJOBCTL user profile and adopts the owners authority.


DSPJOB3 DISPLAY JOB 3 TAAJODC
The Display Job 3 command allows a user who has USE authority to the TAAJOBCTL authorization list to perform DSPJOB functions for a job that is not his own. This allows trusted individuals (such as programmers) to have DSPJOB capability as if they had JOBCTL special authority without directly specifying JOBCTL in their user profile. The JOBCTL special authority provides a lot of capability such as: - Display any job - Display spooled file data for any job, change the spooled file, delete the spooled file (except for spooled files in 'private output queues') - Change any job - End any job - Clear job queues - Clear output queues - Power down the system Because of this, some installations want to minimize the use of JOBCTL special authority, but still have a need to allow some users to display jobs that are not their own. DSPJOB3 provides this capability by allowing trusted users to be authorized to the TAAJOBCTL authorization list. DSPJOB3 supports the same parameters as the system DSPJOB command. A typical command would be: DSPJOB3 JOB(xxx) Assuming the user was authorized, the TAA DSPJOB3 menu would appear which has the same options as the system DSPJOB menu. The DSPJOB3 command is authorized for PUBLIC(USE). This allows any user to use the command, but the following rules exist: ** If a user has no authority to the TAAJOBCTL authorization list and does not have JOBCTL special authority, the user can only operate on his own jobs (TAA9894 is sent as an escape message if the user is not the owner of the job). * If a user has USE authority to the TAAJOBCTL authorization list or has JOBCTL special authority, the user can display a job which is not his own (it is also possible to adopt authority to JOBCTL in a program that runs the DSPJOB3 command). Two restrictions exist when displaying a job other than your own (these are the same as supported by the system DSPJOB command): -- Spooled files which exist in a 'private output queue' can be listed, but the data cannot be displayed unless the user has SPLCTL special authority (it is not adopted). A 'private output queue' is created by the CRTOUTQ command OPRCTL(NO) function. -- The DSPJOB OPTION(JOBLOG) is prevented if the user running the command does not have ALLOBJ special authority and attempts to display a job of a user who has ALLOBJ special authority. Duplicate job handling ---------------------- If a fully qualified job name is not entered, there may be duplicate jobs for the same values entered (either Job or Job/User). DSPJOB3 supports the same DSPDUPJOB parameter as on DSPJOB. The default is SELECT to display a menu of the duplicates. This occurs by using the TAA DSPDUPJOB display and the user may select the job to be displayed. If DSPDUPJOB(MSG) is specified, the CPF1069 escape message (same ID used by DSPJOB) will be sent if duplicates exist. TAAJOBCTL Authorization List ---------------------------- The TAAJOBCTL authorization list allows certain TAA Tools to function as if the user was directly authorized to JOBCTL special authority. By authorizing a user to USE authority to the Authorization List, you enable the user to do a few other functions which are similar to DSPJOB3. The EXCJOBCTL command is under control of the TAAJOBCTL authorization list. The EXCJOBCTL command allows a user to run some standard TAA functions such as CVTWRKUSR which creates an outfile of job information. The Security Officer may also specify what other commands may be run under JOBCTL special authority. See the discussion with the EXCJOBCTL tool. TAAJOBCTL Special profile ------------------------- The owner of the DSPJOB3 processing program (TAAJODCC) is TAAJOBCTL. This special profile is created when installing the TAA Productivity Tools and has the special authority JOBCTL. No other special authorities exist. The profile is created with PASSWORD(NONE) so it may not be signed onto. The processing program (TAAJODCC) adopts the owners authority (TAAJOBCTL) during the running of the program. Checking for authorization is done using a program that 'unadopts'. The purpose of using the TAAJOBCTL user profile (rather than QSECOFR who owns other TAATOOL objects) is to prevent the adoption of SPLCTL. SPLCTL special authority allows access to any spooled file including those in 'private output queues'. Unless the user of the DSPJOB3 command is the same as the user of the job (or the the user of the command has the SPLCTL special authority), spooled files in 'private output queues' cannot be displayed with DSPJOB3. When the TAA Productivity Tools are installed, the TAAJOBCTL user profile and DSPJOB3 program are set to allow correct processing. During the execution of the DSPJOB3 program, the program owner and user profile are checked to ensure that: The DSPJOB3 program is owned by TAAJOBCTL. The TAAJOBCTL user profile has the special authority JOBCTL and no other special authorities. DSPJOB3 escape messages you can monitor for -------------------------------------------- CPF1069 If duplicate jobs exist and DSPDUPJOB(MSG) CPF1070 The job could not be found TAA9894 Not authorized to another users job - User is not authorized to TAAJOBCTL AUTL Escape messages from based on functions will be re-sent. Command parameters CMD ------------------ JOB The qualified name of the job to be displayed. * is the default meaning the current job. The user must be authorized to display the job either because 1) it is his own, 2) he has JOBCTL special authority, or 3) he is authorized to the TAAJOBCTL authorization list. The same restrictions relative to OPTION(SPLF) and OPTION(JOBLOG) as exist for the system DSPJOB command also exist for DSPJOB3. See the previous discussion. OUTPUT How to output the results. is the default which means to display the results if the command is run interactively. If the command is run in batch or PRINT is specified, the results are printed by DSPJOB. OPTION The name of the special value whose information is displayed. The choices are the same as appear on the DSPJOB command. Use the ? function in the parameter for the complete list. DUPJOBOPT The action to perform if duplicate jobs exist for the same values entered (such as duplicate jobs for a job name or a job/user name). The default is SELECT which causes the TAA DSPDUPJOB menu to appear so an individual job may be selected. MSG may be specified to cause the CPF1069 escape message. Restrictions ------------ See the previous comments about authorization. Prerequisites ------------- The following TAA Tools must be on your system: CHKJOBCTL Check job control DSPDUPJOB Display duplicate job RTVJOBSTS Retrieve job status SNDCOMPMSG Send completion message SNDESCMSG Send escape message Implementation -------------- None, the tool is ready to use. Objects used by the tool ------------------------ Object Type Attribute Src member Src file ------ ---- --------- ---------- ---------- DSPJOB3 CMD TAAJODC QATTCMD TAAJODCC PGM CLP TAAJODCC QATTCL TAAJODCD FILE DSPF TAAJODCD QATTDDS Note that the TAAJODCC program is owned by the TAAJOBCTL user profile and adopts the owners authority.

Added to TAA Productivity Tools June 15, 2001

Home Page

Last modified on October 10, 2008