SWPUSRPRF -- Swap User Profile

SWPUSRPRF SWAP USER PROFILE TAASEHC
The Swap User Profile command allows a swap to a user profile and runs a command under the new user profile. You must have USE authority to the new user profile, but the authority may be adopted. When the command completes (either normally or abnormally), a special 'scope' program is used to ensure a swap back occurs to the original profile. Among other uses, SWPUSRPRF allows a means of adopting when using IFS objects. A typical use of SWPUSRPRF is when operating on a secured IFS object and you want to allow any authorized user of a program to have access to the IFS object. Program adoption cannot be used when operating on IFS objects, but swapping the profile will allow the function to be performed. For example, assume your IFS object is owned by USERA and you want USERB to operate on the IFS object without directly authorizing USERB to the IFS object. As USERA, you would create the program using USRPRF(OWNER). The program would contain the SWPUSRPRF command such as: SWPUSRPRF USRPRF(USERA) CMD('xxx')) You would make the program PUBLIC(EXCLUDE) and authorize USERB to the program. When USERB runs the program, the SWPUSRPRF command checks to see if the user of the program has USE authority to USERA. Because the program was created by USERA and adopts authority, the user is authorized. SWPUSRPRF places a special 'scope' program is placed on the program invocation stack and the system ensures the program will be run. The command (including the CALL command) specified in the CMD parameter would be run using the profile USERA. When the command completes, the special 'scope' program is run and the profile is swapped back to USERB. A profile such as QSECOFR could also be used as the profile to swap to. Any error handling for your command should be handled normally as if you had coded the command directly and not used the SWPUSRPRF command such as: SWPUSRPRF USRPRF(xxx) CMD('DLTIFS xxx') MONMSG MSGID(TAA9895) EXEC(DO) /* None to delete / APIs used --------- The SWPUSRPRF CPP uses the following APIs. * QSYGETPH is used to get the 'handle' of the current user profile. NOPWDCHK is specified. * QMHSNDSM is used to place the 'scope' program TAASEHCC2 on the invocation stack. ** QSYGETPH is used to get the 'handle' of the user profile to be swapped to. NOPWDCHK is specified. * QWTSETP is used to swap to the new profile. The TAASEHCC2 program uses: QWTSETP to swap back to the original profile. QSYRLSPH to release the handle. SWPUSRPRF escape messages you can monitor for --------------------------------------------- CPF9898 No USE authority to the profile Escape messages from based on functions will be re-sent. Command parameters CMD ------------------ USRPRF The user profile to be swapped to. The user of the command must have USE authority to the user profile. The authority may be adopted. CMD The command to be run (including the CALL command). Up to 32000 bytes may be entered. This allows for expansion which may be done by the command analyzer. When the command prompter is used for SWPUSRPRF and a command is entered in the CMD parameter, F4 may be used to prompt for the keywords (similar to prompting for the CMD value on SBMJOB). If SWPUSRPRF is entered into a CL program and the user should be prompted to enter the keywords for a specific command, enter a preceding ? such as '?CHGUSRPRF'. Restrictions ------------ The user of the program must have USE authority to the program. The authority may be adopted. Prerequisites ------------- The following TAA Tools must be on your system: CHKOBJ3 Check object 3 RSNALLMSG Resend all messages RSNLSTMSG Resend last message SNDESCINF Send escape information SNDESCMSG Send escape message Implementation -------------- None, the tool is ready to use. Objects used by the tool ------------------------ Object Type Attribute Src member Src file ------ ---- --------- ---------- ---------- SWPUSRPRF CMD TAASEHC QATTCMD TAASEHCC PGM CLP TAASEHCC QATTCL TAASEHCC2 *PGM CLP TAASEHCC2 QATTCL Structure --------- SWPUSRPRF Cmd TAASEHCC CL pgm - Places the TAASEHCC2 program on the stack

SWPUSRPRF       SWAP USER PROFILE                      TAASEHC


The Swap  User Profile  command allows  a swap  to a  user profile  and
runs  a  command under  the  new  user profile.    You  must have  *USE
authority  to the new  user profile, but the  authority may be adopted.
When the command completes  (either normally or abnormally), a  special
'scope' program  is used to ensure  a swap back occurs  to the original
profile.   Among other uses, SWPUSRPRF allows  a means of adopting when
using IFS objects.

A typical use of  SWPUSRPRF is when operating  on a secured IFS  object
and you want to  allow any authorized user of a program  to have access
to the  IFS object.  Program adoption cannot  be used when operating on
IFS objects, but  swapping the profile  will allow the  function to  be
performed.

For example,  assume your  IFS object is  owned by  USERA and  you want
USERB to  operate on the IFS object  without directly authorizing USERB
to  the  IFS object.   As  USERA, you  would  create the  program using
USRPRF(*OWNER).  The program  would contain the SWPUSRPRF  command such
as:

            SWPUSRPRF    USRPRF(USERA) CMD('xxx'))

You  would make  the program  PUBLIC(*EXCLUDE) and  authorize  USERB to
the program.

When  USERB runs the  program, the SWPUSRPRF  command checks  to see if
the user  of the  program has  *USE authority  to USERA.   Because  the
program  was  created  by  USERA and  adopts  authority,  the  user  is
authorized.

SWPUSRPRF  places a special  'scope' program  is placed on  the program
invocation stack and the system ensures  the program will be run.   The
command (including  the CALL  command) specified  in the CMD  parameter
would  be run  using the profile  USERA.   When the  command completes,
the  special 'scope' program is run and  the profile is swapped back to
USERB.

A profile such  as QSECOFR could  also be used as  the profile to  swap
to.

Any error  handling for your command  should be handled  normally as if
you  had coded the command directly and  not used the SWPUSRPRF command
such as:

             SWPUSRPRF    USRPRF(xxx) CMD('DLTIFS xxx')
             MONMSG       MSGID(TAA9895) EXEC(DO) /* None to delete */

APIs used
---------

The SWPUSRPRF CPP uses the following APIs.

  **   QSYGETPH is  used  to  get  the 'handle'  of  the  current  user
       profile.  *NOPWDCHK is specified.

  **   QMHSNDSM is used  to place the 'scope' program  TAASEHCC2 on the
       invocation stack.

  **   QSYGETPH is  used to get the 'handle' of  the user profile to be
       swapped to.  *NOPWDCHK is specified.

  **   QWTSETP is used to swap to the new profile.

The TAASEHCC2 program uses:

  **   QWTSETP to swap back to the original profile.

  **   QSYRLSPH to release the handle.

SWPUSRPRF escape messages you can monitor for
---------------------------------------------

      CPF9898    No *USE authority to the profile

Escape messages from based on functions will be re-sent.

Command parameters                                    *CMD
------------------

   USRPRF        The user profile to  be swapped to.   The user of  the
                 command  must   have  *USE   authority  to  the   user
                 profile.  The authority may be adopted.

   CMD           The  command to be  run (including the  CALL command).
                 Up  to 32000  bytes may be  entered.   This allows for
                 expansion which may  be done by the  command analyzer.

When  the command  prompter  is used  for  SWPUSRPRF and  a command  is
entered  in  the  CMD parameter,  F4  may  be used  to  prompt  for the
keywords (similar to prompting for the CMD value on SBMJOB).

If SWPUSRPRF  is entered  into  a CL  program and  the user  should  be
prompted  to  enter  the  keywords for  a  specific  command,  enter  a
preceding ?  such as '?CHGUSRPRF'.

Restrictions
------------

The user of the program must have *USE authority to the program.
The authority may be adopted.

Prerequisites
-------------

The following TAA Tools must be on your system:

     CHKOBJ3         Check object 3
     RSNALLMSG       Resend all messages
     RSNLSTMSG       Resend last message
     SNDESCINF       Send escape information
     SNDESCMSG       Send escape message

Implementation
--------------

None, the tool is ready to use.

Objects used by the tool
------------------------

   Object        Type    Attribute      Src member    Src file
   ------        ----    ---------      ----------    ----------

   SWPUSRPRF     *CMD                   TAASEHC       QATTCMD
   TAASEHCC      *PGM       CLP         TAASEHCC      QATTCL
   TAASEHCC2     *PGM       CLP         TAASEHCC2     QATTCL


Structure
---------

SWPUSRPRF   Cmd
   TAASEHCC   CL pgm  - Places the TAASEHCC2 program on the stack

Added to TAA Productivity tools June 30, 2007

Home Page

Up to Top