TAA Tools
RVKDUPIFSA      REVOKE DUPLICATE IFS AUTHORITY         TAAIFTO

The  Revoke   Duplicate  IFS  Authority   command  checks   or  revokes
duplicate  authorities to the  *PUBLIC user of  IFS objects.   You must
first  run CVTIFSAUT  to create an  outfile of authorizations.   If the
authorization for  a user is  the same  as the *PUBLIC  profile, it  is
considered a  duplicate (except  for the owner).   If the  *PUBLIC user
is  specified as  *AUTL, the  authorizations from  the *AUTL  are used.
Duplicates because of Group Profiles  are not considered.  The  default
is to 'check' (a listing if produced).

*ALLOBJ special authority is required.

A typical series of commands would be:

             CVTIFSAUT   OBJ('/xxx') OUTLIB(QTEMP)
             RVKDUPIFSA  LIB(yyy)

Because  the  default  for  the OPTION  parameter  is  *CHECK,  only  a
listing  would be  produced.   After reviewing  the listing,  you could
remove the duplicates with:

             RVKDUPIFSA  OPTION(*REVOKE) LIB(QTEMP)

If  you  want  to   follow  OPTION(*REVOKE)  with  another   RVKDUPIFSA
command, you  must  first run  CVTIFSAUT again  to get  the outfile  of
current authorities.

RVKDUPIFSA escape messages you can monitor for
----------------------------------------------

      TAA9891    The IFSAUTP file does not exist.

Escape messages from based on functions will be re-sent.

RVKDUPIFSA Command parameters                         *CMD
-----------------------------

   OPTION        The  option  to  be  used.    The  default  is  *CHECK
                 meaning  that  no  authorizations  are  changed  and a
                 listing is output.

                 *REVOKE  may  be specified  to  revoke  the  duplicate
                 authorizations.    Only the  duplicate  authorizations
                 to the object are revoked.

                 Only  duplicate  authorizations  for  a specific  user
                 (other than  the owner)  are compared  to the  *PUBLIC
                 user.   If  the *PUBLIC  user is  specified as  *AUTL,
                 the  authorizations  from the  *AUTL  are  used.   Not
                 considered are duplicates for group profiles.

   PRTPUBLIC     An  option  for  whether  the  *PUBLIC  user  of  each
                 object will  always be  listed.   The default is  *ALL
                 to  list the  *PUBLIC user.    This provides  at least
                 one line per object.

                 *DUP  may be  specified to  list the  *PUBLIC user for
                 only those objects which have duplicates.

   PRTDETAIL     An option  for  whether  to list  just  the  duplicate
                 user  authorizations or  all  authorized  users.   The
                 default  is  *DUP  to  print  a  single  line  for  an
                 authorized user if duplicate authorities exist.

                 *ALL may  be  specified to  print  all users  who  are
                 authorized.

   LIB           The library where  the IFSAUTP file exists.   The file
                 must  have  been  created  by  the CVTIFSAUT  command.
                 *LIBL is the default.   A specific library or  *CURLIB
                 may be specified.

   MBR           The  member of  the  IFSAUTP file  to  be used.    The
                 default is  IFSAUTP.  A  specific member may  be named
                 if it was output by the CVTIFSAUT command.

   OUTPUT        How  to  output  the results.    * is  the  default to
                 display the  spooled file  if the  command is  entered
                 interactively.   The spooled file is  deleted after it
                 is displayed.

                 If  the  command  is entered  in  batch  or  *PRINT is
                 specified, the spooled  file is  output and  retained.


Restrictions
------------

  **   *ALLOBJ special authority is required.

  **   Group profiles are not considered.

  **   The maximum path length processed is 5000 bytes.

Prerequisites
-------------

The following TAA Tools must be on your system:

     CHKALLOBJ       Check *ALLOBJ special authority
     RTVSYSVAL3      Retrieve system value 3
     SNDCOMPMSG      Send completion message
     SNDESCINF       Send escape information
     SNDESCMSG       Send escape message

Implementation
--------------

None, the tool is ready to use.

Objects used by the tool
------------------------

   Object        Type    Attribute      Src member    Src file
   ------        ----    ---------      ----------    ----------

   RVKDUPIFSA    *CMD                   TAAIFTO       QATTCMD
   TAAIFTOC      *PGM       CLP         TAAIFTOC      QATTCL
   TAAIFTOC2     *PGM       CLP         TAAIFTOC2     QATTCL
   TAAIFTOR      *PGM       RPG         TAAIFTOR      QATTRPG
					

Added to TAA Productivity tools August 1, 2008


Home Page Up to Top