RVKDUPIFSA Revoke Duplicate IFS Authority

RVKDUPIFSA REVOKE DUPLICATE IFS AUTHORITY TAAIFTO
The Revoke Duplicate IFS Authority command checks or revokes duplicate authorities to the *PUBLIC user of IFS objects. You must first run CVTIFSAUT to create an outfile of authorizations. If the authorization for a user is the same as the *PUBLIC profile, it is considered a duplicate (except for the owner). If the *PUBLIC user is specified as *AUTL, the authorizations from the *AUTL are used. Duplicates because of Group Profiles are not considered. The default is to 'check' (a listing if produced). *ALLOBJ special authority is required. A typical series of commands would be: CVTIFSAUT OBJ('/xxx') OUTLIB(QTEMP) RVKDUPIFSA LIB(yyy) Because the default for the OPTION parameter is *CHECK, only a listing would be produced. After reviewing the listing, you could remove the duplicates with: RVKDUPIFSA OPTION(*REVOKE) LIB(QTEMP) If you want to follow OPTION(*REVOKE) with another RVKDUPIFSA command, you must first run CVTIFSAUT again to get the outfile of current authorities. RVKDUPIFSA escape messages you can monitor for ---------------------------------------------- TAA9891 The IFSAUTP file does not exist. Escape messages from based on functions will be re-sent. RVKDUPIFSA Command parameters *CMD ----------------------------- OPTION The option to be used. The default is *CHECK meaning that no authorizations are changed and a listing is output. *REVOKE may be specified to revoke the duplicate authorizations. Only the duplicate authorizations to the object are revoked. Only duplicate authorizations for a specific user (other than the owner) are compared to the *PUBLIC user. If the *PUBLIC user is specified as *AUTL, the authorizations from the *AUTL are used. Not considered are duplicates for group profiles. PRTPUBLIC An option for whether the *PUBLIC user of each object will always be listed. The default is *ALL to list the *PUBLIC user. This provides at least one line per object. *DUP may be specified to list the *PUBLIC user for only those objects which have duplicates. PRTDETAIL An option for whether to list just the duplicate user authorizations or all authorized users. The default is *DUP to print a single line for an authorized user if duplicate authorities exist. *ALL may be specified to print all users who are authorized. LIB The library where the IFSAUTP file exists. The file must have been created by the CVTIFSAUT command. *LIBL is the default. A specific library or *CURLIB may be specified. MBR The member of the IFSAUTP file to be used. The default is IFSAUTP. A specific member may be named if it was output by the CVTIFSAUT command. OUTPUT How to output the results. * is the default to display the spooled file if the command is entered interactively. The spooled file is deleted after it is displayed. If the command is entered in batch or *PRINT is specified, the spooled file is output and retained. Restrictions ------------ ** *ALLOBJ special authority is required. ** Group profiles are not considered. ** The maximum path length processed is 5000 bytes. Prerequisites ------------- The following TAA Tools must be on your system: CHKALLOBJ Check *ALLOBJ special authority RTVSYSVAL3 Retrieve system value 3 SNDCOMPMSG Send completion message SNDESCINF Send escape information SNDESCMSG Send escape message Implementation -------------- None, the tool is ready to use. Objects used by the tool ------------------------ Object Type Attribute Src member Src file ------ ---- --------- ---------- ---------- RVKDUPIFSA *CMD TAAIFTO QATTCMD TAAIFTOC *PGM CLP TAAIFTOC QATTCL TAAIFTOC2 *PGM CLP TAAIFTOC2 QATTCL TAAIFTOR *PGM RPG TAAIFTOR QATTRPG


RVKDUPIFSA REVOKE DUPLICATE IFS AUTHORITY TAAIFTO
The Revoke Duplicate IFS Authority command checks or revokes duplicate authorities to the PUBLIC user of IFS objects. You must first run CVTIFSAUT to create an outfile of authorizations. If the authorization for a user is the same as the PUBLIC profile, it is considered a duplicate (except for the owner). If the PUBLIC user is specified as AUTL, the authorizations from the AUTL are used. Duplicates because of Group Profiles are not considered. The default is to 'check' (a listing if produced). ALLOBJ special authority is required. A typical series of commands would be: CVTIFSAUT OBJ('/xxx') OUTLIB(QTEMP) RVKDUPIFSA LIB(yyy) Because the default for the OPTION parameter is CHECK, only a listing would be produced. After reviewing the listing, you could remove the duplicates with: RVKDUPIFSA OPTION(REVOKE) LIB(QTEMP) If you want to follow OPTION(REVOKE) with another RVKDUPIFSA command, you must first run CVTIFSAUT again to get the outfile of current authorities. RVKDUPIFSA escape messages you can monitor for ---------------------------------------------- TAA9891 The IFSAUTP file does not exist. Escape messages from based on functions will be re-sent. RVKDUPIFSA Command parameters CMD ----------------------------- OPTION The option to be used. The default is CHECK meaning that no authorizations are changed and a listing is output. REVOKE may be specified to revoke the duplicate authorizations. Only the duplicate authorizations to the object are revoked. Only duplicate authorizations for a specific user (other than the owner) are compared to the PUBLIC user. If the PUBLIC user is specified as AUTL, the authorizations from the AUTL are used. Not considered are duplicates for group profiles. PRTPUBLIC An option for whether the PUBLIC user of each object will always be listed. The default is ALL to list the PUBLIC user. This provides at least one line per object. DUP may be specified to list the PUBLIC user for only those objects which have duplicates. PRTDETAIL An option for whether to list just the duplicate user authorizations or all authorized users. The default is DUP to print a single line for an authorized user if duplicate authorities exist. ALL may be specified to print all users who are authorized. LIB The library where the IFSAUTP file exists. The file must have been created by the CVTIFSAUT command. LIBL is the default. A specific library or CURLIB may be specified. MBR The member of the IFSAUTP file to be used. The default is IFSAUTP. A specific member may be named if it was output by the CVTIFSAUT command. OUTPUT How to output the results. is the default to display the spooled file if the command is entered interactively. The spooled file is deleted after it is displayed. If the command is entered in batch or PRINT is specified, the spooled file is output and retained. Restrictions ------------ * ALLOBJ special authority is required. * Group profiles are not considered. ** The maximum path length processed is 5000 bytes. Prerequisites ------------- The following TAA Tools must be on your system: CHKALLOBJ Check ALLOBJ special authority RTVSYSVAL3 Retrieve system value 3 SNDCOMPMSG Send completion message SNDESCINF Send escape information SNDESCMSG Send escape message Implementation -------------- None, the tool is ready to use. Objects used by the tool ------------------------ Object Type Attribute Src member Src file ------ ---- --------- ---------- ---------- RVKDUPIFSA CMD TAAIFTO QATTCMD TAAIFTOC PGM CLP TAAIFTOC QATTCL TAAIFTOC2 PGM CLP TAAIFTOC2 QATTCL TAAIFTOR *PGM RPG TAAIFTOR QATTRPG

Added to TAA Productivity Tools August 1, 2008

Home Page

Last modified on October 10, 2008