TAA Tools
EDTOBJAUT2      EDIT OBJECT AUTHORITY 2                TAASECF

The Edit Object Authority  2 command is similar to  the system supplied
EDTOBJAUT  command  except   that  the  names  appear  in  alphabetical
sequence  following  the  owner  and *PUBLIC  user.    A  'position to'
option exists.   An  option exists to  capture the  GRT/RVK changes  so
they may be logged or sent to another system.

The user  profile name *GROUP  will appear if  the user is part  of the
group   profile  that  is  authorized  to   the  object.    The  *GROUP
authorizations cannot  be changed  using EDTOBJAUT2.    A message  will
appear stating this and describing that EDTOBJAUT should be used.

A typical command would be entered as:

          EDTOBJAUT2   OBJ(PGMA) OBJTYPE(*PGM)

A  subfile display  appears that  is  similar to  the system  EDTOBJAUT
display.

The   following   major  differences   exist   between   EDTOBJAUT  and
EDTOBJAUT2.

  **   The owner  is always  the first  user on  the display  (same  as
       EDTOBJAUT), but  the *PUBLIC user  is always the  second instead
       of the  last user.   This allows a  simple review of  one of the
       most important aspects of security.

  **   The   remaining  users  appear  in   user  profile  name  order.
       EDTOBJAUT displays users in create date order.

  **   A  'position  to'  field   exists  to  easily  access   a  user.
       EDTOBJAUT requires searching for a user.

  **   All detail authorities  are shown on the initial  display.  This
       is  the same  as EDTOBJAUT  if the user  running the  command is
       specified in the user profile as USROPT(*EXPERT).

  **   When F6 is used to add a  new user, 'add mode' is started and  a
       single user  may be  entered on  each display (EDTOBJAUT  allows
       multiple  users on a single  display).  Only  the description of
       the object  authority (such  as  *USE) can  be entered  on  this
       display.   If  specific authorities  must be  entered, they  may
       only be entered on the main display.

  **   An  exit  program  is available  to  allow  any  changes to  the
       authority  list  to  be  passed  to  another  system.    This is
       designed to  retain duplicate authorities  on multiple  systems.
       See the later discussion on the Exit Program.

For  a similar  function on  editing authorization  lists, see  the TAA
tool EDTAUTL2.

Exit program
------------

You  can  name  an exit  program  and  be passed  the  command  that is
executed to maintain the authorizations.   The intent of this  function
is to allow you  to maintain the authorizations on  one system and have
the same change made automatically on other systems.

The exit  program must be named using  the Application Value EDTOBJAUT2
in TAASECURE (a User Space object).  As an *ALLOBJ user, enter:

             EDTAPPVAL  APPVAL(TAASECURE/EDTOBJAUT2)

When the display appears, enter both  a program and a library for  your
exit program.  The fields  should be blank if no exit  program is used.

If an  exit program is entered, the program  must exist when EDTOBJAUT2
is used.

Your  exit program must accept a  single parameter which is the command
to be executed.  The parameter is passed as 500 bytes.

             PGM        PARM(&CMD)
             DCL        &CMD *CHAR LEN(500)

A typical example of  what you would do with  the command is to  use it
with a SBMRMTCMD command such as:

              SBMRMTCMD CMD(&CMD) DDMFILE(xxx)

You could also  consider logging the command to  the audit journal such
as:

              SNDAUDE    ID(EDTOBJAUT2) ENTDTA(&CMD)

Command parameters                                    *CMD
------------------

   OBJ           The  qualified  object  name  to  use.    The  library
                 defaults to *LIBL.

   OBJTYPE       The object type.   Use the command  prompt for a  list
                 of values.

Restrictions
------------

You must  be authorized to  use the grant  and revoke functions  on the
object named.   If you are  using SBMRMTCMD, see the  discussion of DDM
considerations with the TAA tool CHGUSRPWD.

Restrictions
------------

The *GROUP  authorizations  cannot  be changed  using  EDTOBJAUT2.    A
message will appear  stating this and describing that  EDTOBJAUT should
be used.

Prerequisites
-------------

The following TAA Tools must be on your system:

     CHKNAM       Check name
     EDTAUTL2     Edit authorization list 2
     SNDESCMSG    Send escape message
     SNDSTSMSG    Send status message

Implementation
--------------

None, the tool is ready to use.

Objects used by the tool
------------------------

   Object        Type        Attribute      Src member    Src file
   ------        ----        ---------      ----------    ----------

   EDTOBJAUT2    *CMD                       TAASECF       QATTCMD
   TAASECFD      *FILE          DSPF        TAASECFD      QATTDDS
   TAASECFC      *PGM           CLP         TAASECFC      QATTCL
   TAASECFC2     *PGM           CLP         TAASECFC2     QATTCL
   TAASECFC3     *PGM           CLP         TAASECFC3     QATTCL
   TAASECFC5     *PGM           CLP         TAASECFC5     QATTCL
   TAASECFR      *PGM           RPG         TAASECFR      QATTRPG
					

Added to TAA Productivity tools April 1, 1995


Home Page Up to Top