GRTAUTMSGQ Grant Authority to Message Queue

GRTAUTMSGQ GRANT AUTHORITY TO MESSAGE QUEUE TAAMSIS
The Grant Authority to Message Queue command is intended to prevent the *PUBLIC user from displaying and answering messages in a message queue such as QSYSOPR. The command sets the *PUBLIC authority to allow sending of messages, but prevents the use of DSPMSG to the message queue. A named user may be specified who will be able to both send messages and use DSPMSG. If a user is authorized to display a message queue, he may respond to any inquiry messages. A user may not delete a message unless he is authorized to the delete data right. System shipped defaults ----------------------- The system defaults the authority to the QSYSOPR message queue to allow the *PUBLIC user to be able to display and answer messages (deletion of messages is not authorized). Even if the user is menu controlled, the use of System Request option 6 still allows access to the QSYSOPR message queue. If the user is authorized to use DSPMSG for a message queue, there is no option that will prevent him from answering a message. The *PUBLIC user is shipped with the rights of *OBJOPR, *READ, *ADD, and *EXECUTE. It is the *READ right that allows DSPMSG to be used. The system ships the QSYSOPR message queue to allow several users such as QPGMR and QSYSOPR to be able to display, answer, and delete messages. To delete a message the *DLT right must be granted. Intent of GRTAUTMSGQ -------------------- The intent of GRTAUTMSGQ is to prevent the *PUBLIC user from being able to display a message queue such as QSYSOPR and answering a message he may not fully understand. In most environments, the typical end user should not be confronted with the QSYSOPR message queue and should not be answering messages. GRTAUTMSGQ also allows you to name a user who should be able to display the message queue and answer messages. An option exists to determine if the named user should be able to delete any messages. The *PUBLIC user and the named user may send messages to the message queue. Typical GRTAUTMSGQ command -------------------------- You must have all rights to the message queue to be able to use GRTAUTMSGQ. A typical command would be: GRTAUTMSGQ USRPRF(xxx) MSGQ(QSYSOPR) DLTMSG(*NO) The following would occur: ** If the *PUBLIC user is not currently authorized to 'send messages only', the authorization would be changed. ** The named user would be authorized to be able to send messages and use DSPMSG, but not be able to delete any messages. You may use GRTAUTMSGQ for each user who should be able to use DSPMSG and individually determine if deletion of messages should be allowed. System Request Option 6 ----------------------- If the *PUBLIC user is not authorized to DSPMSG for QSYSOPR, entering System Request Option 6 will produce an error message on the System Request display. QCFGMSGQ -------- The QCFGMSGQ is also shipped with the same authority as QSYSOPR. Printer/writer inquiry messages may be sent to QCFGMSGQ. Recovery -------- To reset the *PUBLIC user back to the shipped default, enter GRTAUTMSGQ USRPRF(*PUBLIC) MSGQ(QSYSOPR) DLTMSG(*NO) GRTAUTMSGQ escape messages you can monitor for ---------------------------------------------- None. Escape messages from based on functions will be re-sent. Command parameters *CMD ------------------ USRPRF The user profile that will be authorized to use DSPMSG to the message queue. The user will also be authorized to send messages to the message queue. MSGQ The qualified name of the message queue. The library value defaults to *LIBL. *CURLIB may also be used. Unless USRPRF(*PUBLIC) is specified, the *PUBLIC authorization to the message queue will be set (if not already set) so that sending of messages is valid, but the use of DSPMSG is not. To reset the *PUBLIC user back to the shipped default, enter GRTAUTMSGQ USRPRF(*PUBLIC) MSGQ(QSYSOPR) DLTMSG(*NO) DLTMSG A *YES/*NO option for whether the named user profile will be able to delete messages in the message queue. *NO is the default to prevent deletion of messages. *YES may be specified to allow the deletion of messages. Restrictions ------------ You must have all rights to the message queue to be able to use GRTAUTMSGQ. Prerequisites ------------- The following TAA Tools must be on your system: RTVOBJAUT2 Retrieve object authority 2 SNDCOMPMSG Send completion message SNDESCINF Send escape information SNDESCMSG Send escape message Implementation -------------- None, the tool is ready to use. Objects used by the tool ------------------------ Object Type Attribute Src member Src file ------ ---- --------- ---------- ---------- GRTAUTMSGQ *CMD TAAMSIS QATTCMD TAAMSISC *PGM CLP TAAMSISC QATTCL


GRTAUTMSGQ GRANT AUTHORITY TO MESSAGE QUEUE TAAMSIS
The Grant Authority to Message Queue command is intended to prevent the PUBLIC user from displaying and answering messages in a message queue such as QSYSOPR. The command sets the PUBLIC authority to allow sending of messages, but prevents the use of DSPMSG to the message queue. A named user may be specified who will be able to both send messages and use DSPMSG. If a user is authorized to display a message queue, he may respond to any inquiry messages. A user may not delete a message unless he is authorized to the delete data right. System shipped defaults ----------------------- The system defaults the authority to the QSYSOPR message queue to allow the PUBLIC user to be able to display and answer messages (deletion of messages is not authorized). Even if the user is menu controlled, the use of System Request option 6 still allows access to the QSYSOPR message queue. If the user is authorized to use DSPMSG for a message queue, there is no option that will prevent him from answering a message. The PUBLIC user is shipped with the rights of OBJOPR, READ, ADD, and EXECUTE. It is the READ right that allows DSPMSG to be used. The system ships the QSYSOPR message queue to allow several users such as QPGMR and QSYSOPR to be able to display, answer, and delete messages. To delete a message the DLT right must be granted. Intent of GRTAUTMSGQ -------------------- The intent of GRTAUTMSGQ is to prevent the PUBLIC user from being able to display a message queue such as QSYSOPR and answering a message he may not fully understand. In most environments, the typical end user should not be confronted with the QSYSOPR message queue and should not be answering messages. GRTAUTMSGQ also allows you to name a user who should be able to display the message queue and answer messages. An option exists to determine if the named user should be able to delete any messages. The PUBLIC user and the named user may send messages to the message queue. Typical GRTAUTMSGQ command -------------------------- You must have all rights to the message queue to be able to use GRTAUTMSGQ. A typical command would be: GRTAUTMSGQ USRPRF(xxx) MSGQ(QSYSOPR) DLTMSG(NO) The following would occur: * If the PUBLIC user is not currently authorized to 'send messages only', the authorization would be changed. * The named user would be authorized to be able to send messages and use DSPMSG, but not be able to delete any messages. You may use GRTAUTMSGQ for each user who should be able to use DSPMSG and individually determine if deletion of messages should be allowed. System Request Option 6 ----------------------- If the PUBLIC user is not authorized to DSPMSG for QSYSOPR, entering System Request Option 6 will produce an error message on the System Request display. QCFGMSGQ -------- The QCFGMSGQ is also shipped with the same authority as QSYSOPR. Printer/writer inquiry messages may be sent to QCFGMSGQ. Recovery -------- To reset the PUBLIC user back to the shipped default, enter GRTAUTMSGQ USRPRF(PUBLIC) MSGQ(QSYSOPR) DLTMSG(NO) GRTAUTMSGQ escape messages you can monitor for ---------------------------------------------- None. Escape messages from based on functions will be re-sent. Command parameters CMD ------------------ USRPRF The user profile that will be authorized to use DSPMSG to the message queue. The user will also be authorized to send messages to the message queue. MSGQ The qualified name of the message queue. The library value defaults to LIBL. CURLIB may also be used. Unless USRPRF(PUBLIC) is specified, the PUBLIC authorization to the message queue will be set (if not already set) so that sending of messages is valid, but the use of DSPMSG is not. To reset the PUBLIC user back to the shipped default, enter GRTAUTMSGQ USRPRF(PUBLIC) MSGQ(QSYSOPR) DLTMSG(NO) DLTMSG A YES/NO option for whether the named user profile will be able to delete messages in the message queue. NO is the default to prevent deletion of messages. YES may be specified to allow the deletion of messages. Restrictions ------------ You must have all rights to the message queue to be able to use GRTAUTMSGQ. Prerequisites ------------- The following TAA Tools must be on your system: RTVOBJAUT2 Retrieve object authority 2 SNDCOMPMSG Send completion message SNDESCINF Send escape information SNDESCMSG Send escape message Implementation -------------- None, the tool is ready to use. Objects used by the tool ------------------------ Object Type Attribute Src member Src file ------ ---- --------- ---------- ---------- GRTAUTMSGQ CMD TAAMSIS QATTCMD TAAMSISC PGM CLP TAAMSISC QATTCL

Added to TAA Productivity Tools June 1, 2005

Home Page

Last modified on October 10, 2008