TAA Tools
GRTAUTMSGQ      GRANT AUTHORITY TO MESSAGE QUEUE       TAAMSIS

The Grant  Authority to Message  Queue command  is intended to  prevent
the *PUBLIC  user from displaying  and answering messages  in a message
queue  such  as QSYSOPR.   The  command sets  the *PUBLIC  authority to
allow sending  of  messages, but  prevents  the use  of DSPMSG  to  the
message  queue.  A  named user  may be  specified who  will be  able to
both send messages and use DSPMSG.

If a  user is authorized to display a  message queue, he may respond to
any inquiry messages.   A user may  not delete a  message unless he  is
authorized to the delete data right.

System shipped defaults
-----------------------

The  system defaults  the authority  to  the QSYSOPR  message queue  to
allow  the  *PUBLIC user  to be  able  to display  and  answer messages
(deletion of messages  is not authorized).   Even if the  user is  menu
controlled, the use of  System Request option 6 still  allows access to
the QSYSOPR message queue.

If the user  is authorized to use DSPMSG for  a message queue, there is
no option that will prevent him from answering a message.

The  *PUBLIC user is  shipped with the rights  of *OBJOPR, *READ, *ADD,
and *EXECUTE.  It is the *READ right that allows DSPMSG to be used.

The system  ships  the QSYSOPR  message queue  to  allow several  users
such as  QPGMR and QSYSOPR  to be able  to display, answer,  and delete
messages.  To delete a message the *DLT right must be granted.

Intent of GRTAUTMSGQ
--------------------

The  intent of  GRTAUTMSGQ is  to prevent the  *PUBLIC user  from being
able to  display  a  message queue  such  as QSYSOPR  and  answering  a
message  he  may not  fully  understand.    In most  environments,  the
typical  end user  should not  be confronted  with the  QSYSOPR message
queue and should not be answering messages.

GRTAUTMSGQ also  allows  you to  name  a user  who  should be  able  to
display the  message queue and  answer messages.   An option exists  to
determine if the named user should be able to delete any messages.

The *PUBLIC  user and the named  user may send messages  to the message
queue.

Typical GRTAUTMSGQ command
--------------------------

You  must  have all  rights  to the  message queue  to  be able  to use
GRTAUTMSGQ.

A typical command would be:

             GRTAUTMSGQ    USRPRF(xxx) MSGQ(QSYSOPR) DLTMSG(*NO)

The following would occur:

  **   If  the *PUBLIC  user  is  not  currently  authorized  to  'send
       messages only', the authorization would be changed.

  **   The named user  would be authorized to be  able to send messages
       and use DSPMSG, but not be able to delete any messages.

You may  use GRTAUTMSGQ for each user who  should be able to use DSPMSG
and individually determine if deletion  of messages should be  allowed.

System Request Option 6
-----------------------

If the *PUBLIC  user is not authorized to DSPMSG  for QSYSOPR, entering
System  Request Option 6  will produce an  error message on  the System
Request display.

QCFGMSGQ
--------

The QCFGMSGQ  is  also shipped  with  the same  authority  as  QSYSOPR.
Printer/writer inquiry messages may be sent to QCFGMSGQ.

Recovery
--------

To reset the *PUBLIC user back to the shipped default, enter

                     GRTAUTMSGQ    USRPRF(*PUBLIC) MSGQ(QSYSOPR)
                                     DLTMSG(*NO)

GRTAUTMSGQ escape messages you can monitor for
----------------------------------------------

None.  Escape messages from based on functions will be re-sent.

Command parameters                                    *CMD
------------------

   USRPRF        The  user  profile  that will  be  authorized  to  use
                 DSPMSG to  the message queue.   The user  will also be
                 authorized to send messages to the message queue.

   MSGQ          The   qualified  name  of  the  message  queue.    The
                 library value  defaults to  *LIBL.   *CURLIB may  also
                 be used.

                 Unless  USRPRF(*PUBLIC)  is   specified,  the  *PUBLIC
                 authorization  to the  message queue  will be  set (if
                 not already  set)  so  that  sending  of  messages  is
                 valid, but the use of DSPMSG is not.

                 To  reset  the  *PUBLIC  user   back  to  the  shipped
                 default, enter

                    GRTAUTMSGQ    USRPRF(*PUBLIC) MSGQ(QSYSOPR)
                                    DLTMSG(*NO)

   DLTMSG        A *YES/*NO  option for whether the  named user profile
                 will  be  able  to  delete  messages  in  the  message
                 queue.

                 *NO is  the default to  prevent deletion  of messages.

                 *YES  may  be  specified  to  allow  the  deletion  of
                 messages.

Restrictions
------------

You  must  have all  rights  to the  message queue  to  be able  to use
GRTAUTMSGQ.

Prerequisites
-------------

The following TAA Tools must be on your system:

     RTVOBJAUT2      Retrieve object authority 2
     SNDCOMPMSG      Send completion message
     SNDESCINF       Send escape information
     SNDESCMSG       Send escape message

Implementation
--------------

None, the tool is ready to use.

Objects used by the tool
------------------------

   Object        Type    Attribute      Src member    Src file
   ------        ----    ---------      ----------    ----------

   GRTAUTMSGQ    *CMD                   TAAMSIS       QATTCMD
   TAAMSISC      *PGM       CLP         TAAMSISC      QATTCL
					

Added to TAA Productivity tools June 1, 2005


Home Page Up to Top