TAA Tools
TAA Productivity Tools Security Discussion
General statement

The TAA Productivity Tools are designed so that their use does not
violate any system security functions. Objects and data are read using
standard system interfaces such as system commands, system APIs, CL,
and RPG.

The tools are tested at Level 40 security. No violations exist.

Any design errors should be reported immediately to the TAA
Productivity Tools owner.

Your security responsibility

There are no known security exposures to installing the TAA
Productivity Tools on your system. The TAA Tools that are security
sensitive are controlled as described later.

Many TAA Tools exist that can assist you in evaluating and maintaining
system security.

Your responsibilities to ensure a secure system when using the TAA
Tools are:

-   Use at least Level 30 Security. As on any system that is
    interested in good security, Level 40 is recommended.

-   Follow normal good guidelines for installation security. This
    includes such things as minimizing the number of users with
    special authorities (such as *ALLOBJ, *SECADM, or *SERVICE) and
    properly authorizing the security sensitive TAA Tools.

    You are placing complete trust in any user who is given *ALLOBJ
    special authority. You should not assume that even though this
    user may not have *SECADM or *SERVICE that you are protected.

-   Ensure that any system commands that are changed to provide such
    functions as a validation program are rigidly controlled.

-   Ensure that no libraries exist before QSYS on the library list or
    that you rigidly control what exists in those libraries. See the
    later discussion of this.

-   Several TAA Authorization Lists (*AUTL) exist. These allow you to
    authorize users to certain functions and retain the authorizations
    even though a new version of the tools is installed. *ALLOBJ users
    are implicitly authorized to these *AUTLs.

    Tools which use the *AUTLs are generally security sensitive.

    The *AUTL objects are shipped with the *PUBLIC user as *EXCLUDE.
    Allowing the *PUBLIC any authority except *EXCLUDE could
    compromise security. Use the CHKTAAAUTL command to ensure that
    *PUBLIC *EXCLUDE is still specified or you have explicit reasons
    for making a change.

-   If you change the source and re-create any of the tools, you are
    responsible for the integrity of the tool. For most changes, you
    should be able to follow the security designed into the tools.

-   Consider the HELPTAA options on Backup and Disaster Recovery.

-   Security is also provided by the CRTTAATOOL command which creates
    the objects with the intended protection. If you intend to
    re-create part of a tool, you should use CRTTAATOOL to re-create
    the entire tool.

Ownership

Almost all TAA Productivity Tools libraries and objects are shipped as
owned by QSECOFR.

The TAAJOBCTL user profile is created at the time of install if it
does not already exist. One or more programs are changed so that
TAAJOBCTL becomes the owner. This allows adopting only *JOBCTL special
authority instead of all of the special authorities of QSECOFR.

At the completion of the TAA install, the profile will be:

    PASSWORD(*NONE)
    PWDEXP(*NO)
    STATUS(*DISABLED)
    INLPGM(*NONE)
    INLMNU(*SIGNOFF)
    LMTCPB(*YES)
    SPCAUT(*JOBCTL)

The UPSMON job description (*JOBD) is shipped with a USRPRF value of
QPGMR which is required for an auto start job. The *JOBD is shipped as
*PUBLIC *EXCLUDE. See the discussion of UPSMON in this document.

You should not change the ownership of the tools.

*PUBLIC *CHANGE authority

Most TAA objects allow the *PUBLIC user *USE authority or are
specified as *EXCLUDE. A few objects allow *CHANGE authority. None of
these objects are considered to have a security or integrity issue.

The following objects allow *CHANGE authority:

-   TAASTDBA and TAASTDBK *FILE objects. These are used as test data
    for the DMOSUBF tool. A program exists (TAASTDBC2) that will
    refresh the data.

-   SAVACTRCV and SAVACTRCV2 *MSGQ objects. These message queues are
    used for recovery purposes by the SAVACT tool. The queues are
    cleared by the SAVALLACT or SAVCHGACT commands before submitting
    the processing program to batch. Since the system must be shutdown
    to the restricted state before running either SAVALLACT or
    SAVCHGACT, there is little exposure to allowing *CHANGE authority.

Some *MSGQ objects appear as 'USER DEF'. The message queues allow
*PUBLIC *OBJOPR and *ADD rights in order to allow the *PUBLIC user to
send a message to the queue.

How Security is controlled

Most tools have no specific security considerations. They use normal
system security for accessing and updating objects.

There are several security sensitive tools that exist in the TAATOOL
library. These tools are controlled by one or more of the following:

-   The user must be authorized to an authorization list.

    For example, the INZPWD tool allows a user other than the Security
    Officer to initialize a password. The user must be authorized to
    the TAAINZPWD authorization list to use INZPWD.

-   The user must have *ALLOBJ authority.

    For example, the CHKTAAPRD tool allows a user to check against all
    libraries on the system. To perform an accurate check, any private
    libraries must be accessed.

-   An overt act by the Security Officer is needed such as changing a
    secure system value.

    For example, the DSPPWD tool which displays users passwords will
    not be operational unless the Security Officer changes the
    QPWDVLDPGM system value to name the supplied program. The supplied
    program captures the password when the user makes a change.

-   Instructions exist with the tool that describe how to control
    security. Some tools use objects in the TAASECURE library.

    For example, the DSAUSRPRF tool will allow an Assistant Security
    Officer to disable any user profile if the Assistant Security
    Officer is authorized to the TAADSAPRF authorization list. QSECOFR
    is never allowed to be disabled. Other profiles may be prevented
    from being disabled by the Security Officer entering the names
    into the DSAUSRPRF data area in TAASECURE. See the discussion with
    the DSAUSRPRF tool.

Checking TAA Security

The CHKTAAAUT command may be used to check the current authority on
your system against the authority shipped with the TAA Productivity
Tools.

CHKTAAAUT (using the defaults) will check all authorities to TAA
objects in TAATOOL and TAASECURE and the TAA Authorization Lists in
QSYS. It will also check the authorities for command objects that are
outside of TAATOOL and TAASECURE. Any non *CMD TAA objects that are
outside of TAATOOL and TAASECURE will be flagged.

Deleting security sensitive tools

With proper security in place, the tools that create and change user
profiles may safely exist and be used. However, some installations may
prefer to delete these tools to avoid any possibility of their use.

To assist in this, the DLTSECTOOL is available which will delete any
significant tools that create or change user profiles. You must have
*ALLOBJ and *SECADM special authority to delete these tools or create
them if they have been deleted.

Using DLTSECTOOL will lessen security exposures, but it does not
eliminate what an *ALLOBJ special authority user might do.

Tools that adopt the authority of QSECOFR

Some tools require that the owner's profile (QSECOFR) be adopted
during the running of a program.

All of the programs that adopt the QSECOFR profile do so in a manner
that is designed to perform only the intended function and to prevent
improper use. 'Preventing improper use' means that the programs do one
or more of the following:

-   Execute HLL compiler generated functions that do not invoke any
    user written sub-programs. For example, the CL command CHGDTAARA
    is considered safe as well as an RPG READ or CHAIN Operation.

-   Execute system commands or programs (e.g. APIs).

-   Execute TAA commands by library qualifying the commands to the
    TAATOOL library. TAA commands use a qualified library name. The
    commands executed in this manner are checked so they are
    considered safe.

-   Execute qualified calls to programs in TAATOOL or TAASECURE. The
    sub-programs that are executed also meet these criteria. For
    example, calling a sub program that is library qualified to the
    TAATOOL library is considered a safe function if the sub-program
    performs safe functions.

-   Execute against files that are specified with an Override command
    that specifies SECURE(*YES). This prevents a program higher in the
    program stack from re-directing the program to a different file.

-   Execute TAA commands or programs by first using a program that
    'unadopts'. This means that when the sub-function is run, the user
    operates with his own authority and the program adopt function is
    not considered.

-   All TAA Tool programs are created (by default) so there is no
    observability. This prevents the user from using debug and
    subverting the functions of the programs.

The reason that you must control the system portion of the library
list is that the TAA tools use system commands and APIs without using
QSYS as a library qualifier. If you allow users to have their own
version of a system function ahead of QSYS on the library list, your
security can be compromised with the TAA tools that adopt the security
officer profile (or with any of your own programs that use program
adopt).

Several TAA Archive programs adopt the Security Officers profile in a
safe manner. These programs are not described further because only the
object code is shipped.

Tool Index

The following tools have programs that adopt the owner's user profile
and must be owned by a user with special authority. Some of the tools
take their authorization from an authorization list and some must be
explicitly authorized. The 'AUT' column describes the required
authorization. Notes as to their security follows this table.

                                     Authorization
    Tool        AUT         Note         List
    ----        ---         ----     ------------

    ACCSECLIB   *USE           1      TAAACCSECL
    ADDJOBSCD2  *USE           2      TAAJOBSCDE
    ADPMBR      *USE           3
    ALCTMPMBR   *USE           4
    APYRMTJRN   *USE           5      TAAAPYRMT
    AUDLOG      *USE           6      TAAAUDLOG
    CAPNETA     *USE           7
    CAPSECINF   *USE           8
    CAPSYSINF   *USE           9
    CHGBIGPARM  *USE          10      TAACHGBIGP
    CHGDSTPWD2  *USE          11      TAADSTPWD2
    CHGGRPPRF   *USE          12
    CHGSGNTXT   *USE          13
    CHGUSRPRF2  *USE          14      TAACHGPRF2
    CHGUSRPWD   *USE          15
    CHKASPSTG   *USE          16
    CHKINACT2   *USE          17
    CHKSAVDEV   *USE          18
    CHKSGNCNT   *USE          19
    CHKSPELL    *USE          20
    CHKSPELL2   *USE          21
    CHKTAAOWN   *USE          22
    CHKTAATOOL  *USE          23
    CHKUSRGRP   *USE          24      TAACHKUSRG
    CLNTAATEMP  *USE          25      TAACLNTEMP
    CMPDBF2     *USE          26
    CMPSRC3     *USE          27
    CPYJOBSCDE  *USE          28      TAAJOBSCDE
    CPYUSRPRF2  *USE          29      TAACPYUSR2
    CRTVTP      *USE          30      TAAVTP
    CVTAUDLOG3  *USE          31      TAAAUDLOG
    CVTFRMSPLF  *USE          32      TAACVTSPLF
    CVTIFS      *USE          33      TAACVTIFS
    CVTIFSEAUT  *USE          34      TAACVTIFS
    CVTJOBSCDE  *USE          35      TAAJOBSCDE
    CVTLIBCNT   *USE          36      TAADSPADP
    CVTLIBDBF   *USE          37      TAACVTLIBD
    CVTQHST     *USE          38      TAACVTQHST
    DLTIFS      *USE          39      TAACVTIFS
    DLTJOBLOG   *USE          40      TAACVTQHST
    DLTQHST     *USE          41      TAADLTQHST
    DLTUSRPRF2  *USE          42      TAADLTUSR2
    DLYCMD      *USE          43
    DSAUSRPRF   *USE          44      TAADSAPRF
    DSPADP      *USE          45      TAADSPADP
    DSPALLSPLF  *USE          46      TAAALLSPLF
    DSPCMDHLP   *USE          47
    DSPDSTQ     *USE          48
    DSPGRPPRF   *USE          49
    DSPJOB3     *USE          50
    DSPJOBLOG4  *USE          51      TAASPLSEC
    DSPJRNA     *USE          52
    DSPJRNRCVD  *USE          53
    DSPLIBSRCF  *USE          54
    DSPOBJD4    *USE          55      TAADSPOBJ4
    DSPPWD      *USE          56
    DSPQHST2    *USE          57      TAACVTQHST
    DSPSECRVW   *USE          58      TAASECRVW
    DSPSPLF2    *USE          59
    DSPSYS      *USE          60
    DSPUSRJOB   *USE          61      TAAJOBCTL
    DSPUSRPRF2  *USE          62      TAADSPUSR2
    DSPUSRTXT   *USE          63
    DSPWTR      *USE          64
    DTAARAARC   *USE          65
    DUPFILFMT2  *USE          66      TAADBOHC2
    DUPSPLF     *USE          67      TAADUPSPLF
    DUPTAADBF   *USE          68
    EDTAUTL2    *USE          69
    EDTDBF      *USE          70      TAAEDTDBF
    EDTOBJAUT2  *USE          71
    ENAUSRPRF   *USE          72      TAAENAUSR
    ENDTAALIC   *USE          73
    EXCJOBCTL   *USE          74      TAAJOBCTL
    FRCJOBLOG   *USE          75
    Install     *USE          76      TAAINSTALL
    INZPWD      *USE          77      TAAINZPWD
    JOBACG      Varies        78      TAAJOBACG
    JOBANZ      Varies        79
    JOBANZ      *USE          80
    JOBDEP      Varies        81
    JOBTALK     Varies        82      TAAJOBTALK
    LMTDLTSPL2  *USE          83
    LOCKMSG     *USE          84
    MTNALLJRN   *USE          85      TAAMTNJRN
    NAMADR      *USE          86
    NBRCTR      *USE          87
    NTEFIL      *USE          88
    PAGSEP      *USE          89
    PRTJOBSUM   *USE          90      TAACVTQHST
    PRTLIBCNT   *USE          91      TAADSPADP
    PRTSAVCNT   *USE          92      TAADSPADP
    PRTSAVLBL   *USE          93
    QRYUSE      *USE          94
    RCLSTG2     *USE          95      TAARCLSTG2
    RMVSYSLIBE  *USE          96
    RSTALLCHG   *USE          97      TAARSTALLC
    RSTALLLIB   *USE          98      TAARSTALLC
    RSTANYLIB   *USE          99      TAARSTANYL
    RSTFIL      *USE         100      TAARSTFIL
    RSTMNYCHG   *USE         101      TAARSTALLC
    RSTMNYLIB   *USE         102      TAARSTALLC
    RTVHDWRSC   *USE         103
    RTVIFSEAUT  *USE         104
    RTVIFSPATH  *USE         105
    RTVIPLTIM   *USE         106
    RTVJOBAPI   *USE         107
    RTVJOBSCDE  *USE         108      TAAJOBSCDE
    RTVMSKPWD   *USE         109
    RTVTIMSTM2  *USE         110
    RTVTRNTBL   *USE         111
    RTVUSRPRF2  *USE         112      TAARTVUSR2
    SAVACT      *USE         113
    SAVALLCHG   *USE         114      TAASAVALLC
    SAVCHG23    *USE         115      TAASAVALLC
    SAVE2       *USE         116
    SAVLIBSAVF  *USE         117
    SBMJOB2     *USE         118      TAASBMJOB2
    SETDAYLITE  *USE         119
    SHOUT       *USE         120
    SNDAUDE     *USE         121
    SNDGRPPRF   *USE         122      TAASNDGRP
    SNDTIMMSG   *USE         123
    SNDUSGMSG   *USE         124      TAASNDUSG
    SNDUSRBRK   *USE         125      TAASNDBRK
    SNDUSRBRK   *USE         126
    SPLCTL      *USE         127
    SPLDST      *USE         128      TAASPLDST
    SPLSTO      *USE         129
    SRCCTL      *USE         130
    UPSMON      *USE         131
    VRYCFG2     *USE         132      TAAVRYCFG
    VRYCFGOFF   *USE         133      TAAVRYCFGO
    WHO         *USE         134
    WRKALLSPLF  *USE         135      TAAALLSPLF
    WRKDSAUSR   *USE         136      TAAENAUSR

1.  The user that creates ACCSECLIB must have *ALLOBJ authority. The
    list of libraries that are valid to use is controlled by the
    ACCSECLIB data area in TAASECURE. Use EDTCONARR to change the
    list. The data area is shipped with QGPL as a sample library. This
    does not make QGPL secure, but allows testing of the ACCSECLIB
    command with a library that you would normally not care if a user
    displayed or copied an object from. Any user of the ACCSECLIB
    command, must be authorized to the TAAACCSECL authorization list.
    See the implementation instructions for the tool.

2.  The Job Schedule tools require use of the TAAJOBSCDE authorization
    list.

3.  The ADPMBR tool checks for the valid files to be used in the
    ADPMBR data area in TAASECURE. The data area should be maintained
    with EDTCONARR.

4.  The ALCTMPMBR commands use the TAATMP* temporary files in TAATOOL.
    These files are shipped with *PUBLIC *EXCLUDE Users must be
    explicitly authorized to these files to add and clear members in a
    controlled manner.

5.  Most of the APYRMTJRN commands are *PUBLIC. STRAPYRMT, ENDAPYRMT,
    SNDAPYRMTE, and CRTAPYRMTD are controlled by the TAAAPYRMT
    authorization list. The STRAPYRMT, ENDAPYRMT, and SNDAPYRMTE
    program adopt authority to allow operators to control the
    function. Several batch jobs are submitted by STRAPYRMT and they
    all adopt to allow the programs to operate on any object. The
    TAAJRODC46 and TAAJRODC47 programs adopt to allow the create of a
    file from the TAA Archive.

6.  The CVTAUDLOG command of the AUDLOG tool adopts authority and
    requires a user to be authorized to the TAAAUDLOG authorization
    list. This allows an operator to be able to do the conversion from
    the QAUDJRN on a regular basis. CVTAUDLOG is the only command in
    AUDLOG that requires authorization to the TAAAUDLOG authorization
    list. Most of the other functions are controlled by the owner of
    the files created by CRTAUDLOG. CVTAUDLOG3 also requires
    authorization to TAAAUDLOG. The TAASEDSC23 program adopts QSECOFR
    authority to display a detail journal entry from the journal
    itself (Option 7 on DSPAUDLOG). The program prevents a user who
    does not have *USE authority to the AUDLOGP file from being able
    to use this function.

7.  The CAPNETA command is public. The current network attributes are
    stored in the NETWRKATTR data area in TAASECURE. The companion
    command (RTNNETA) requires a user with *ALLOBJ special authority.

8.  The CAPSECINF TAASEGMC12 program adopts to access the values from
    the CAPSECINF Application Value in TAASECURE.

9.  The users of the CAPSYSINF commands must have *ALLOBJ authority.
    The library created by CRTSYSINF is *PUBLIC *EXCLUDE.

10. The programs TAATMPAC and TAATMPAC2 of the CHGBIGPARM tool are
    secured by the TAACHGBIGP authorization list.

11. CHGDSTPWD2 allows any user authorized to the TAADSTPWD2
    authorization list to reset the DST password.

12. The user of the CHGGRPPRF command must be explicitly authorized to
    the profile in order to change group profiles.

13. The CHGSGNTXT programs TAADSPLC and TAADSPLC3 require *JOBCTL and
    adopt to update the TAAMSGF in TAATOOL.

14. The program TAASEDHC of the CHGUSRPRF2 tool is secured by the
    TAACHGPRF2 authorization list.

15. The CHGUSRPWD tool requires the Security Officer to change the
    QPWDVLDPGM system value in order to be operational.

16. The CHKASPSTG command uses two sub programs that adopt to access
    the CHKASPSTG Application Value in TAASECURE.

17. The TAAJOEJC23 and TAAJOEJC25 programs adopt to access the
    Application Value CHKINACT2 in TAASECURE. The TAAJOEJC24 program
    adopts to access the user text description from the profile used
    in WRKINACT2. Both programs perform read only functions and are
    considered safe.

18. The CHKSAVDEV command is public, but the user must have *SAVSYS or
    *ALLOBJ special authority (or adopt *ALLOBJ). Using adoption for
    the sub program allows for the CHKSAVDEV data area to be saved,
    restored to QTEMP, and deleted from QTEMP.

19. The CHKSGNCNT program TAASEFGC adopts authority to access objects
    in TAASECURE. No changes occur.

20. The spelling RPG programs adopt to avoid a system bug requiring
    special authorization.

21. The spelling RPG programs adopt to avoid a system bug requiring
    special authorization.

22. The CHKTAAOWN tool is for internal use and checks critical
    programs to see if they are owned by an *ALLOBJ user and still
    tied to the same *AUTL used at create time.

23. The CHKTAATOOL command is public. Objects are accessed for read
    only. No updates occur.

24. The CHKUSRGRP tool uses the TAASELCC program to allow a user
    authorized to the TAACHKUSRG *AUTL to run the command. The program
    adopts to avoid the requirement for *ALLOBJ.

25. The programs TAATMPBC and TAATMPBC3 of the CLNTAATEMP tool are
    secured by the TAACLNTEMP authorization list.

26. The CMPDBF2 program TAADBLPC adopts to allow the use of the CLPDBR
    tool against the file. The file is only read and compared against
    a copy of the same file made at a previous time.

27. The CMPSRC3 command adopts to allow use of the work files NEWSRCP
    and OLDSRCP in TAATOOL.

28. You must be authorized to the TAAJOBSCDE authorization list to use
    CPYJOBSCDE.

29. The CPYUSRPRF2 command is an option on the SECOFR2 menu and
    requires authorization to the TAACPYUSR2 authorization list.

30. The TAATAPNC, TAATAPNC2, TAATAPNC4, TAATAPNC5, TAATAPNC6,
    TAATAPNC7, and TAATAPNC11 programs adopt to ensure access to
    various functions. The user must be authorized to the TAAVTP
    authorization list.

31. The program TAASEDWC of the CVTAUDLOG3 tool is secured by the
    TAAAUDLOG authorization list.

32. The CVTFRMSPLF tool uses the TAACVTSPLF authorization list for the
    CVTTOSPLF command. This command uses an API which requires *ALLOBJ
    authority to create a spooled file. The CVTTOSPLF processing
    program is controlled by the authorization list and adopts QSECOFR
    authority.

33. The CVTIFS program TAAIFSAC adopts authority, but requires the
    user to be authorized to the TAACVTIFS authorization list.

34. The CVTIFSEAUT program TAAIFSPC adopts authority, but requires the
    user to be authorized to the TAACVTIFS authorization list.

35. The Job Schedule tools require use of the TAAJOBSCDE authorization
    list.

36. The TAALICEC program of the CVTLIBCNT tool is secured by the
    TAADSPADP authorization list.

37. The TAACVTLIBD authorization list is tested to allow access to
    CVTLIBDBF for library special values such as *ALL. No objects are
    authorized to the list. The TAADBHCC program adopts.

38. The TAAHSTAC program is secured by the TAACVTQHST authorization
    list.

39. You must be authorized to the TAACVTIFS authorization list and
    must have *OBJEXIST rights to the object to be deleted.

40. The TAALOGFC program of the DLTJOBLOG tool is secured by the
    TAACVTQHST authorization list.

41. The command DLTQHST and the TAAHSTBC CL program are created so
    they may not be executed unless a user is authorized to the
    TAADLTQHST authorization list.

42. The program TAASEDTC of the DLTUSRPRF2 tool is secured by the
    TAADLTUSR2 authorization list.

43. The DLYCMD program TAAJOBKC11 adopts authority to access the
    DLYCMD *DTAARA information from the TAASECURE library. There are
    no known exposures as this is a 'read only' access.

44. The program TAASEDFC of the DSAUSRPRF tool is secured by the
    TAADSAPRF authorization list.

45. Users of all of the DSPxxxA commands of the DSPADP tool must be on
    the TAADSPASP authorization list with *USE authority.

46. The DSPALLSPLF and WRKALLSPLF tools tool allow any user to display
    his own spooled files. The TAAALLSPLF authorization list allows a
    user to display spooled files owned by other users. Both the
    TAASPMSR program (part of WRKALLSPLF), and TAASPMMR program (part
    of DSPALLSPLF) adopt, but ensure that the user has *USE authority
    to TAAALLSPLF if a user other than *CURRENT is specified.

47. The DSPCMDHLP command allows any user to display the help text for
    any command regardless of the authorization. The command is never
    run by DSPCMDHLP.

48. The DSPDSTQ tool command adopt the QSECOFR profile to provide a
    public 'display only' version of WRKDSTQ.

49. The DSPGRPPRF program TAASEGWC2 adopts QSECOFR to allow the use of
    the DSPUSRPRF outfile function to the TAASECKP file in TAASECURE.
    CVTGRPPRF then reads this file and creates the GRPPRFP program in
    QTEMP which contains the user profile records for each group
    member. TAASEGWC2 ensures that the profile is a group profile and
    that the user has 'all rights' to the group profile.

50. The DSPJOB3 program TAAJODCC adopts authority of the TAAJOBCTL
    user profile to allow a display of any job. The user must have
    *JOBCTL authority or be authorized to the TAAJOBCTL authorization
    list.

51. The DSPJOBLOG4 TAASPOBC program adopts to allow *ALLOBJ and
    *SPLCTL. The user of the command must be authorized to the
    TAASPLSEC authorization list.

52. The DSPJRNA and DSPJRNRCVD programs (TAAJROPC and TAAJRORC) adopt
    to allow a 'display only' function of the journal and receiver
    directory. The user must have *OBJOPR authority to the journal.
    This allows operation personnel to see the journal and the
    directory without having WRK options. The journal entries are not
    displayed.

53. The DSPJRNA and DSPJRNRCVD programs (TAAJROPC and TAAJRORC) adopt
    to allow a 'display only' function of the journal and receiver
    directory. The user must have *OBJOPR authority to the journal.
    This allows operation personnel to see the journal and the
    directory without having WRK options. The journal entries are not
    displayed.

54. The DSPLIBSRCF CL program ensures the user has *USE authority to
    the specified library. The QSECOFR profile is adopted because the
    QADBXREF file cannot be used by the public.

55. The DSPLIBSRCF CL program ensures the user has *USE authority to
    the specified library. The QSECOFR profile is adopted because the
    QADBXREF file cannot be used by the public.

56. The DSPPWD processing program must be available for public usage
    to allow any user to change his password. The secure functions
    require the user be authorized to the TAASECURE library which is
    created AUT(*EXCLUDE).

57. The TAAHSTEC program of the CVTQHST2 command of the DSPQHST2 tool
    is secured by the TAACVTQHST authorization list.

58. The command assumes that the user profile information exists in a
    file in TAASECURE. The information in the file can only be
    accessed by a user with *ALLOBJ authority or if specifically
    authorized to the TAASECRVW authorization list.

59. One program within the DSPSPLF2 command is used to access the
    system defaults from the DSPSPLF2 user space in TAASECURE.

60. DSPSYS uses a sub program to access the last change date of QINITT
    which is excluded to the public.

61. The user must have at least *USE authority to the TAAJOBCTL
    authorization list.

62. The user must be authorized to the TAADSPUSR2 authorization list.
    The DSPUSRPRF2 command adopts the Security Officers profile to
    execute the DSPUSRPRF command. The command is intended for
    Assistant Security Officers who do not have the full power of the
    QSECOFR profile.

63. DSPUSRTXT displays the user's text description based on entering
    the user profile name.

64. The DSPWTR tool uses the TAAPRTOC11 program to allow DSPWTRSTS.
    The program adopts to avoid the requirement for *JOBCTL.

65. The DTAARAARC tool command STRARAARC adopts to allow a change of
    the user attribute for the created save files. This ensures they
    were created by the tool.

66. The DUPFILFMT2 tool uses the TAADBOHC2 program to allow any user
    to be able to duplicate a file format (create a new file) without
    being authorized to the file. The data is not copied.

67. The DUPSPLF command requires authorization to the TAADUPSPLF
    authorization list. To change to a new owner requires
    authorization to the TAASPLDST authorization list.

68. DUPTAADBF allows only specific files from TAATOOL to be duplicated
    when outfiles are requested. This is intended for internal use by
    TAA tools.

69. The program TAASEFAC5 of the EDTAUTL2 tool adopts authority of the
    of QSECOFR to access Application Value data from TAASECURE. There
    are no known exposures as this is a 'read only' access.

70. The EDTDBF command checks the TAAEDTDBF authorization list if the
    user is not the owner of the file. No objects are authorized to
    the list.

71. The EDTOBJAUT2 program TAASECFC5 adopts authority of the of
    QSECOFR to access Application Value data from TAASECURE. There are
    no known exposures as this is a 'read only' access.

72. To use ENAUSRPRF, a user must be authorized to the TAAENAUSR
    authorization list. No user (unless he has *ALLOBJ authority) can
    use ENAUSRPRF until he is granted authority to TAAENAUSR.

73. The ENDTAALIC command adopts to allow access to a data area in in
    TAATOOL.

74. The Execute Using *JOBCTL tool adopts the QSECOFR *JOBCTL
    authority. The command is restricted to those users authorized to
    the TAAJOBCTL authorization list.

75. The FRCJOBLOG command of the SETJOBLOG tool adopts authority
    because the intent is to make the SIGNOFF command private. If you
    secure the SIGNOFF command, this may have implications for the use
    of other TAA Tools or your own code.

76. The special install programs TAATOLUx exist in TAATOOL to allow a
    subsequent install to be done by a user who is authorized to the
    TAAINSTALL authorization list.

77. The Initialize Password tool is designed for Assistant Security
    Officers to be able to reset a user's password. The user of
    INZPWD, INZPWD2, INZPWD3 must be authorized to the TAAINZPWD
    authorization list.

78. The Job Accounting tool has two commands (CVTJOBACG and
    CVTJOBACG2) that adopt QSECOFR authority. Use of the commands is
    restricted to users who are authorized to the TAAJOBACG
    authorization list. The Print Accounting tools has the same two
    commands (CVTPRTACG and CVTPRTACG) that adopt QSECOFR and also use
    TAAJOBACG.

79. Only an *ALLOBJ user can use CRTJOBANZ, CRTJOBHST, DLTJOBANZ, or
    DLTJOBHST. When the files are created, they are specified as
    *PUBLIC *EXCLUDE. Other commands in the tool have various security
    requirements restricting their use. See the command documentation
    for details.

80. The JOBANZ TAAJOEAC27 program adopts to access a value from the
    JOBANZ Application Value in TAASECURE.

81. The JOBDEP program TAAJODFC24 adopts to access (read only) the
    JOBDEP Application Value in TAASECURE. The TAAJODFR45 program
    adopts to update the Master and Detail files with start and end
    information.

82. The Job Talk tool uses an authorization list for the SNDJOBTALK
    command and CL program. Sub programs used by STRJOBTALK and
    SNDJOBTALK and the break handling program set by STRJOBTALK use
    adopted programs to access data areas in TAASECURE. CLNJOBTALK
    uses adopted authority to delete unused TAAnnnnnn message queues
    in the TAAWORK library. This allows the first user of the
    STRJOBTALK command each day to automatically submit a batch job
    for cleanup. CLNJOBTALK allows public use, but may be used at any
    time by any user without harm to the Job Talk function.

83. LMTDLTSPL2 must access a data area in TAASECURE to validate
    whether the spooled file should be deleted.

84. There is no known exposure with the LOCKMSG function unless you
    restrict which users are allowed to send messages to other users.
    The programs TAADBFFC, TAADBFFE, TAADBFFF, and TAADBFFG adopt.

85. MTNALLJRN allows the maintenance of all journals. Using an
    authorization list allows the system operator to perform the
    function without having excess authorization on the journals.

86. The CRTNAMEDT command requires some special authority to duplicate
    the command object. It is the only function that adopts authority.

87. The RTVNBRCTR command accesses the NBRCTR user space and updates
    the counter.

88. The NTEFIL MTNNTEFIL command uses a sub program that adopts to
    allow clearing and writing to the backup file TAANTEAT in TAATOOL.

89. The PAGSEP tool uses TAASPMDC to access the setting of the
    TAAPAGSEPn application value in TAASECURE. It provides a 'read
    only' function. The TAASPMDC2 program is the sample program which
    allows access to the text of a passed in user profile name.

90. The PRTJOBSUM command requires authorization to the TAACVTQHST
    authorization list to allow reading the QHST files.

91. The PRTLIBCNT and PRTSAVCNT tools can operate across the entire
    system for 'read only' purposes. The command and processing
    programs are controlled by the TAADSPADP authorization list.

92. The PRTLIBCNT and PRTSAVCNT tools can operate across the entire
    system for 'read only' purposes. The command and processing
    programs are controlled by the TAADSPADP authorization list.

93. The PRTSAVLBL tool uses TAASAVQC2 to access the setting of the
    PRTSAVLBL application value in TAASECURE. It provides a 'read
    only' function.

94. The QRYUSE tool CVTQRYUSE command calls a sub program TAAWHRDC15
    to delete a restored object in QTEMP. Only a DLTQRY command is
    used and the object must be in QTEMP.

95. The RCLSTG2 command and program require authorization to the
    TAARCLSTG2 authorization list.

96. The command RMVSYSLIBE is public, but the only valid libraries are
    those that exist in the RMVSYSLIBE data area in TAASECURE. The
    data area is shipped with no libraries entered. QSYS is always
    rejected.

97. The user must be authorized to the TAARSTALLC authorization list.
    This is the same authorization list used by RSTALLLIB and
    RSTMNYLIB.

98. The user must be authorized to the TAARSTALLC authorization list.
    This is the same authorization list used by RSTALLLIB and
    RSTMNYLIB.

99. The user of the command must be authorized to the TAARSTANYL
    authorization list.

100. The RSTFIL command prompts for the RSTOBJ command and requires
     the use of the RSTOBJ library where only files may be restored.

101. The user must be authorized to the TAARSTALLC authorization list.
     This is the same authorization list used by RSTALLLIB and
     RSTMNYLIB.

102. The user must be authorized to the TAARSTALLC authorization list.
     This is the same authorization list used by RSTALLLIB and
     RSTMNYLIB.

103. The RTVHDWRSC tool must use an API that is shipped as
     PUBLIC(*EXCLUDE). No known exposures exist by adopting the
     QSECOFR profile.

104. The RTVIFSEAUT program TAAIFSNC adopts authority in order to
     determine the current users authority.

105. The CHKIFSPATH command of the RTVIFSPATH tool requires the user
     to be on the TAACVTIFS authorization list.

106. The command adopts the authority of QSECOFR to avoid having to
     grant users explicit authority to use the system program QWCCRTEC
     whose only purpose is to produce a short QPSRVDMP spooled file.

107. The Retrieve Job API tool is a program that adopts the QSECOFR
     profile to allow retrieval from the QUSRJOBI API formats without
     having *JOBCTL special authority. Nothing can be changed from the
     program. The tool is used by other tools such as DSPACTJOB. The
     program is unlikely to be used by a typical user because it
     requires a complex parameter list be passed including the
     internal job ID which cannot be determined without writing a
     program that uses an API.

108. The Job Talk tool uses an authorization list for the SNDJOBTALK
     command and CL program. Sub programs used by STRJOBTALK and
     SNDJOBTALK and the break handling program set by STRJOBTALK use
     adopted programs to access data areas in TAASECURE. CLNJOBTALK
     uses adopted authority to delete unused TAAnnnnnn message queues
     in the TAAWORK library. This allows the first user of the
     STRJOBTALK command each day to automatically submit a batch job
     for cleanup. CLNJOBTALK allows public use, but may be used at any
     time by any user without harm to the Job Talk function.

109. The RTVMSKPWD TAASEGQC and TAASEGQC2 programs adopt security to
     the MSKPWDP file in TAASECURE.

110. The RTVTRNTBL command retrieves the name of the system wide
     Translate Table found in the TAATRNTBL data area in TAASECURE.
     The command allows *PUBLIC use, but no known security exposures
     exist.

111. The RTVTRNTBL command retrieves the name of the system wide
     Translate Table found in the TAATRNTBL data area in TAASECURE.
     The command allows *PUBLIC use, but no known security exposures
     exist.

112. RTVUSRPRF2 allows the basic attributes of any user profile to be
     retrieved if the user is authorized to the TAARTVUSR2
     authorization list.

113. The SAVACT program TAASAVUC24 adopts authority to access all
     libraries for EDTSAVACT to edit the TAASAVACTP file. The
     TAASAVUC25 program adopts authority to access the SAVACT
     Application Value in TAASECURE.

114. The TAASAVCC, TAASAVCC2, and TAASAVCC3 programs of the SAVALLCHG
     tool are secured by the TAASAVALLC authorization list.

115. The SAVCHG23 program TAASAVWC adopts authority, but requires the
     user to be authorized to the TAASAVALLC authorization list.

116. The SAVE2 programs TAASAVTC9 and TAASAVTC7 adopt authority to
     access the SAVE2 *USRSPC information and DLYCMD *DTAARA objects
     from the TAASECURE library. There are no known exposures as this
     is a 'read only' access.

117. The SAVLIBSAVF TAASAWBC11 adopts only to allow the CHGOBJD tool
     to be used to set the user attribute of a save file.

118. The SBMJOB2 and SBMJOB3 commands are each tied to unique
     authorization lists.

119. The SETDAYLITE programs adopt to allow the job to run under the
     QSECOFR profile. This avoids the potential problem of the user
     profile of the job being deleted when the function is scheduled.

120. A sub program is used by SHOUT to be able to access the user
     class of any user.

121. The SNDAUDE function adopts the QSECOFR profile to allow sending
     an entry to the QAUDJRN journal which may be *PUBLIC *EXCLUDE.

122. SNDGRPPRF adopts to allow access to all user profiles in order to
     determine the current groups and to allow break messages to be
     sent.

123. Several programs adopt to allow any user to start the SNDTIMMSG
     job and use SNDTIMMSG.

124. SNDUSGMSG adopts to allow break messages to be sent.

125. The SNDUSRBRK2 command requires authorization to the TAASNDBRK
     authorization list.

126. The SNDUSRBRK command must adopt to allow any user to send a
     break message (normally requires *JOBCTL special authority). The
     command is restricted to operate only in an CL program.

127. The TAASPLIC20 program for SPLCTL adopts to allow update of the
     SPLCTLRCV and SPLCTLRCV2 recovery data areas in TAATOOL.

128. The DUPSPLDST command within SPLDST is used to cause DUPSPLF.

129. The SPLSTO TAASPMRR2 and TAASPMRR25 programs adopt to allow
     *CHANGE authority to the spool store files while updates are
     occurring.

130. The SRCCTL tool checks the authorization to a data area in the
     same library as the source control files before allowing the
     CHKSRCOUT or CHKSRCIN commands to operate.

131. The UPSMON TAASYTLC13 program adopts QSECOFR to allow a display
     of the UPSMON values. The TAASYTLC12 program adopts QSECOFR to
     provide for an orderly powerdown. The UPSMON *JOBD is shipped
     with *PUBLIC *EXCLUDE. It contains the value USRPRF = QPGMR which
     is required for an auto start job. If STRUPSMON2 is run, an auto
     start job entry is added to the controlling subsystem and QPGMR
     is authorized to *USE for the job description.

132. The VRYCFG2 tool uses the TAAVRYCFG authorization list to allow a
     user without *JOBCTL to use a simple version of VRYCFG.

133. The TAACFGGC program of the VRYCFGOFF command is secured by the
     TAAVRYCFGO authorization list.

134. The WHO command accesses the TAASECURE library if the default is
     taken for CPUPCTLMT. There are no known exposures as this is a
     'read only' access.

135. The DSPALLSPLF and WRKALLSPLF tools tool allow any user to
     display his own spooled files. The TAAALLSPLF authorization list
     allows a user to display spooled files owned by other users. Both
     the TAASPMSR program (part of WRKALLSPLF), and TAASPMMR program
     (part of DSPALLSPLF) adopt, but ensure that the user has *USE
     authority to TAAALLSPLF if a user other than *CURRENT is
     specified.

136. The user of the command must have at least *USE authority to the
     TAAENAUSR Authorization List. This is the same *AUTL used by the
     ENAUSRPRF tool.

Program Index

The following programs adopt the owner's user profile. You can see
which tool they belong too. Notes as to their security follow this
table.

    Program     Tool         Note
    -------     ----         ----

    TAADBFFC    LOCKMSG        1
    TAADBFFE    LOCKMSG        2
    TAADBFFF    LOCKMSG        3
    TAADBFFG    LOCKMSG        4
    TAASEDSC23  AUDLOG         5
    TAASPMDC    PAGSEP         6
    TAASPMDC2   PAGSEP         7
    TAASAVQC2   PRTSAVLBL      8
    TAASPMMR    DSPALLSPLF     9
    TAASPMSR    WRKALLSPLF    10
    TAASAVTC7   SAVE2         11
    TAASAVTC9   SAVE2         12
    TAAJOBKC11  DLYCMD        13
    TAAJODCC    DSPJOB3       14
    TAASEFAC5   EDTAUTL2      15
    TAASECFC5   EDTOBJAUT2    16
    TAASAVUC24  SAVACT        17
    TAASAVUC25  SAVACT        18
    TAAIFSNC    RTVIFSEAUT    19
    TAAJODFC24  JOBDEP        20
    TAAJODFR45  JOBDEP        21
    TAADSPLC    CHGSGNTXT     22
    TAADSPLC3   CHGSGNTXT     23
    TAASEFGC    CHKSGNCNT     24
    SNDAUD      SNDAUDE       25
    TAAJRODC46  APYRMTJRN     26
    TAAJRODC47  APYRMTJRN     27
    TAAIFSAC    CVTIFS        28
    TAAIFSPC    CVTIFSEAUT    29
    TAASAVWC    SAVCHG23      30
    TAASYTLC12  UPSMON        31
    TAASYTLC13  UPSMON        32
    TAASAWBC11  SAVLIBSAVF    33
    TAASPMRR2   SPLSTO        34
    TAASPMRR25  SPLSTO        35
    TAASEGMC12  CAPSECINF     36
    TAAJOEAC27  JOBANZ        37
    TAASPLIC20  SPLCTL        38
    TAASEGQC    RTVMSKPWD     39
    TAASEGQC2   RTVMSKPWD     40
    TAASPOBC    DSPJOBLOG4    41
    TAATAPNC    CRTVTP        42
    TAATAPNC11  CRTVTP        43
    TAATAPNC2   CRTVTP        44
    TAATAPNC4   CRTVTP        45
    TAASEGWC2   DSPGRPPRF     46
    TAAJOEJC23  CHKINACT2     47
    TAAJOEJC24  CHKINACT2     48
    TAAJOEJC25  CHKINACT2     49
    TAADBLPC    CMPDBF2       50
    TAAJROPC    DSPJRNA       51
    TAAJRORC    DSPJRNRCVD    52
    TAAWHRDC15  QRYUSE        53
    TAAPRTOC11  DSPWTR        54
    TAASELCC    CHKUSRGRP     55
    TAADBOHC2   DUPFILFMT2    56
    TAADBINC    CRTXREFLF     57
    TAADBIUR13  TAAQRY        58
    TAADBKXR2   NAMADR        59
    TAADSQAC    DSPDSTQ       60
    TAAEMLEC21  MAILADR       61
    TAAGAMAC    HORSERACE     62
    TAAHSTGC    RTVLSTQHST    63
    TAAIFSMC    RTVIFSED      64
    TAAIFSMC2   RTVIFSED      65
    TAAIFULC    CHKIFSSAV     66
    TAAJBSEC2   DSPJOBSCDE    67
    TAAJOBAC2   WHO           68
    TAAJOCEC2   DSPSBSJOB     69
    TAAJOCHC    RTVJOBAPI     70
    TAAJOCKC11  JOBTALK       71
    TAAJOCKC14  JOBTALK       72
    TAAJOCKC22  JOBTALK       73
    TAAJOCKC3   JOBTALK       74
    TAAJODJC11  CHKINACT      75
    TAAJODZC3   DSPUSRJOB     76
    TAAARARC25  DTAARAARC     77
    TAACMEYC    DSPCMDHLP     78
    TAAJODIC2   DSPSBSJOBQ    79
    TAAJRODC35  APYRMTJRN     80
    TAAJRODC59  APYRMTJRN     81
    TAALIBQC    RMVSYSLIBE    82
    TAALOGAC2   SETJOBLOG     83
    TAALOGHR    DSPALLJLG     84
    TAAMBRJC    ADPMBR        85
    TAAMBRJC2   ADPMBR        86
    TAAMBRJC3   ADPMBR        87
    TAAMNUAC21  DYNMNU        88
    TAAMSGLC2   SHOUT         89
    TAAMSGSC    SNDTIMMSG     90
    TAAMSGSC9   SNDTIMMSG     91
    TAAMSHJC    SNDUSRBRK     92
    TAANAMAC9   NAMADR        93
    TAANETDC    CAPNETA       94
    TAANTEAC23  NTEFIL        95
    TAAOBJRC    CRTDUPPF      96
    TAARPGCC    RPGVALCHK     97
    TAASAVNC2   CHKSAVDEV     98
    TAASECCC2   DSPPWD        99
    TAASECHC2   CPYUSRPRF    100
    TAASECIC3   CHGUSRPWD    101
    TAASECJC    CHGGRPPRF    102
    TAASEDBC3   SECOFR2      103
    TAASEEFC    CHKPGMOWN    104
    TAASEFZC    DSPUSRTXT    105
    TAASEGDC    RTVUSRTXT    106
    TAASEGQC    RTVMSKPWD    107
    TAASEGQC2   RTVMSKPWD    108
    TAASPLSC3   LMTDLTSPL2   109
    TAASPLWC9   DSPSPLF2     110
    TAASPMRC22  SPLSTO       111
    TAASPNAC2   CPYSPLFIFS   112
    TAASPNXC    RTVSPLSIZ    113
    TAASRCBC    CMPSRC3      114
    TAASRCHC    SRCCTL       115
    TAASRCHC2   SRCCTL       116
    TAASRDJC    DSPLIBSRCF   117
    TAASRDKC    FNDSRCMBR    118
    TAASRDVC    RTVLIBSRCF   119
    TAASREEC10  CHKOBJSRC    120
    TAASREHC3   CPYSRCHDR    121
    TAASREIC2   CRTSTDSRCF   122
    TAASYSKC3   DSPSYS       123
    TAASYSXC    RTVHDWRSC    124
    TAASYTKC    RTVIPLTIM    125
    TAASYTMC4   CAPSYSINF    126
    TAASYTPC2   CHKASPSTG    127
    TAASYTPC3   CHKASPSTG    128
    TAATAPNC5   CRTVTP       129
    TAATAPNC7   CRTVTP       130
    TAATAPNC6   CRTVTP       131
    TAATCPGC    RTVHOSTNAM   132
    TAATIMNC11  DSPTIMZON    133
    TAATMPCC    ALCTMPMBR    134
    TAATMPCC2   ALCTMPMBR    135
    TAATOMOC    CHKTAAOWN    136
    TAATRNAC    RTVTRNTBL    137
    TAASECIC2   CHGUSRPWD    138
    TAATOMHC    DUPTAADBF    139
    TAASEGYC2   WRKDSAUSR    140
    TAAOBLKC    DSPOBJD4     141
    TAATOLXC    CPYTAADDS    142
    TAADBHCC    CVTLIBDBF    143
    TAAMSHWC2   SNDINTMSG    144
    TAAACGBC2   JOBACG       145
    TAAACGBC7   JOBACG       146
    TAAACGDC    CVTJOBACG3   147
    TAAACGEC2   PRTACG       148
    TAAACGEC7   PRTACG       149
    TAAADPAC    DSPADP       150
    TAAADPAC10  DSPADP       151
    TAAADPAC11  DSPADP       152
    TAAADPAC12  DSPADP       153
    TAAADPAC13  DSPADP       154
    TAAADPAC14  DSPADP       155
    TAAADPAC15  DSPADP       156
    TAAADPAC2   DSPADP       157
    TAAADPAC3   DSPADP       158
    TAAADPAC4   DSPADP       159
    TAAADPAC5   DSPADP       160
    TAAADPAC6   DSPADP       161
    TAAADPAC7   DSPADP       162
    TAAADPAC8   DSPADP       163
    TAAADPAC9   DSPADP       164
    TAACFGEC    VRYCFG2      165
    TAACFGGC    VRYCFGOFF    166
    TAAHSTAC    CVTQHST      167
    TAAHSTBC    DLTQHST      168
    TAAHSTEC    DSPQHST2     169
    TAAIFSRC    CVTIFSAUT    170
    TAAJBSAC    RTVJOBSCDE   171
    TAAJBSBC    CVTJOBSCDE   172
    TAAJBSCC    ADDJOBSCD2   173
    TAAJBSDC    CPYJOBSCDE   174
    TAAJOCIC    EXCJOBCTL    175
    TAAJOCXC    PRTJOBSUM    176
    TAAJRODC    APYRMTJRN    177
    TAAJRODC2   APYRMTJRN    178
    TAAJRODC9   APYRMTJRN    179
    TAAJROJC    MTNALLJRN    180
    TAALICEC    CVTLIBCNT    181
    TAALICFC    PRTLIBCNT    182
    TAALOGFC    DLTJOBLOG    183
    TAAMSHDC    SNDGRPPRF    184
    TAAMSHEC    SNDUSGMSG    185
    TAARCLAC    RCLSTG2      186
    TAARSTAC    RSTALLCHG    187
    TAARSTBC    RSTANYLIB    188
    TAARSTCC    RSTFIL       189
    TAARSTDC    RSTALLLIB    190
    TAARSTFC    RSTMNYLIB    191
    TAARSTIC    RSTMNYCHG    192
    TAASAVCC    SAVALLCHG    193
    TAASAVCC2   SAVALLCHG    194
    TAASAVCC3   SAVALLCHG    195
    TAASAVSC    PRTSAVCNT    196
    TAASECBC    ACCSECLIB    197
    TAASECLC    ENAUSRPRF    198
    TAASECXC    INZPWD       199
    TAASECXC2   INZPWD       200
    TAASECXC3   INZPWD       201
    TAASEDCC    DSPUSRPRF2   202
    TAASEDFC    DSAUSRPRF    203
    TAASEDHC    CHGUSRPRF2   204
    TAASEDLC    RTVUSRPRF2   205
    TAASEDRC    CPYUSRPRF2   206
    TAASEDRC2   CPYUSRPRF2   207
    TAASEDSC2   AUDLOG       208
    TAASEDTC    DLTUSRPRF2   209
    TAASEDWC    CVTAUDLOG3   210
    TAASEFWC    CHGDSTPWD2   211
    TAASPLDC    DUPSPLF      212
    TAASPLXC4   SPLDST       213
    TAASPMEC2   CVTFRMSPLF   214
    TAATMPAC    CHGBIGPARM   215
    TAATMPAC2   CHGBIGPARM   216
    TAATMPBC    CLNTAATEMP   217
    TAATMPBC3   CLNTAATEMP   218
    TAATIMDC    RTVTIMSTM    219

1.  There is no known exposure with the LOCKMSG function unless you
    restrict which users are allowed to send messages to other users.
    The programs TAADBFFC, TAADBFFE, TAADBFFF, and TAADBFFG adopt.

2.  There is no known exposure with the LOCKMSG function unless you
    restrict which users are allowed to send messages to other users.
    The programs TAADBFFC, TAADBFFE, TAADBFFF, and TAADBFFG adopt.

3.  There is no known exposure with the LOCKMSG function unless you
    restrict which users are allowed to send messages to other users.
    The programs TAADBFFC, TAADBFFE, TAADBFFF, and TAADBFFG adopt.

4.  There is no known exposure with the LOCKMSG function unless you
    restrict which users are allowed to send messages to other users.
    The programs TAADBFFC, TAADBFFE, TAADBFFF, and TAADBFFG adopt.

5.  The CVTAUDLOG command of the AUDLOG tool adopts authority and
    requires a user to be authorized to the TAAAUDLOG authorization
    list. This allows an operator to be able to do the conversion from
    the QAUDJRN on a regular basis. CVTAUDLOG is the only command in
    AUDLOG that requires authorization to the TAAAUDLOG authorization
    list. Most of the other functions are controlled by the owner of
    the files created by CRTAUDLOG. CVTAUDLOG3 also requires
    authorization to TAAAUDLOG. The TAASEDSC23 program adopts QSECOFR
    authority to display a detail journal entry from the journal
    itself (Option 7 on DSPAUDLOG). The program prevents a user who
    does not have *USE authority to the AUDLOGP file from being able
    to use this function.

6.  The PAGSEP tool uses TAASPMDC to access the setting of the
    TAAPAGSEPn application value in TAASECURE. It provides a 'read
    only' function. The TAASPMDC2 program is the sample program which
    allows access to the text of a passed in user profile name.

7.  The PAGSEP tool uses TAASPMDC to access the setting of the
    TAAPAGSEPn application value in TAASECURE. It provides a 'read
    only' function. The TAASPMDC2 program is the sample program which
    allows access to the text of a passed in user profile name.

8.  The PRTSAVLBL tool uses TAASAVQC2 to access the setting of the
    PRTSAVLBL application value in TAASECURE. It provides a 'read
    only' function.

9.  The DSPALLSPLF and WRKALLSPLF tools tool allow any user to display
    his own spooled files. The TAAALLSPLF authorization list allows a
    user to display spooled files owned by other users. Both the
    TAASPMSR program (part of WRKALLSPLF), and TAASPMMR program (part
    of DSPALLSPLF) adopt, but ensure that the user has *USE authority
    to TAAALLSPLF if a user other than *CURRENT is specified.

10. The DSPALLSPLF and WRKALLSPLF tools tool allow any user to display
    his own spooled files. The TAAALLSPLF authorization list allows a
    user to display spooled files owned by other users. Both the
    TAASPMSR program (part of WRKALLSPLF), and TAASPMMR program (part
    of DSPALLSPLF) adopt, but ensure that the user has *USE authority
    to TAAALLSPLF if a user other than *CURRENT is specified.

11. The SAVE2 programs TAASAVTC9 and TAASAVTC7 adopt authority to
    access the SAVE2 *USRSPC information and DLYCMD *DTAARA objects
    from the TAASECURE library. There are no known exposures as this
    is a 'read only' access.

12. The SAVE2 programs TAASAVTC9 and TAASAVTC7 adopt authority to
    access the SAVE2 *USRSPC information and DLYCMD *DTAARA objects
    from the TAASECURE library. There are no known exposures as this
    is a 'read only' access.

13. The DLYCMD program TAAJOBKC11 adopts authority to access the
    DLYCMD *DTAARA information from the TAASECURE library. There are
    no known exposures as this is a 'read only' access.

14. The DSPJOB3 program TAAJODCC adopts authority of the TAAJOBCTL
    user profile to allow a display of any job. The user must have
    *JOBCTL authority or be authorized to the TAAJOBCTL authorization
    list.

15. The program TAASEFAC5 of the EDTAUTL2 tool adopts authority of the
    of QSECOFR to access Application Value data from TAASECURE. There
    are no known exposures as this is a 'read only' access.

16. The EDTOBJAUT2 program TAASECFC5 adopts authority of the of
    QSECOFR to access Application Value data from TAASECURE. There are
    no known exposures as this is a 'read only' access.

17. The SAVACT program TAASAVUC24 adopts authority to access all
    libraries for EDTSAVACT to edit the TAASAVACTP file. The
    TAASAVUC25 program adopts authority to access the SAVACT
    Application Value in TAASECURE.

18. The SAVACT program TAASAVUC24 adopts authority to access all
    libraries for EDTSAVACT to edit the TAASAVACTP file. The
    TAASAVUC25 program adopts authority to access the SAVACT
    Application Value in TAASECURE.

19. The RTVIFSEAUT program TAAIFSNC adopts authority in order to
    determine the current users authority.

20. The JOBDEP program TAAJODFC24 adopts to access (read only) the
    JOBDEP Application Value in TAASECURE. The TAAJODFR45 program
    adopts to update the Master and Detail files with start and end
    information.

21. The JOBDEP program TAAJODFC24 adopts to access (read only) the
    JOBDEP Application Value in TAASECURE. The TAAJODFR45 program
    adopts to update the Master and Detail files with start and end
    information.

22. The CHGSGNTXT programs TAADSPLC and TAADSPLC3 require *JOBCTL and
    adopt to update the TAAMSGF in TAATOOL.

23. The CHGSGNTXT programs TAADSPLC and TAADSPLC3 require *JOBCTL and
    adopt to update the TAAMSGF in TAATOOL.

24. The CHKSGNCNT program TAASEFGC adopts authority to access objects
    in TAASECURE. No changes occur.

25. The SNDAUDE function adopts the QSECOFR profile to allow sending
    an entry to the QAUDJRN journal which may be *PUBLIC *EXCLUDE.

26. Most of the APYRMTJRN commands are *PUBLIC. STRAPYRMT, ENDAPYRMT,
    SNDAPYRMTE, and CRTAPYRMTD are controlled by the TAAAPYRMT
    authorization list. The STRAPYRMT, ENDAPYRMT, and SNDAPYRMTE
    program adopt authority to allow operators to control the
    function. Several batch jobs are submitted by STRAPYRMT and they
    all adopt to allow the programs to operate on any object. The
    TAAJRODC46 and TAAJRODC47 programs adopt to allow the create of a
    file from the TAA Archive.

27. Most of the APYRMTJRN commands are *PUBLIC. STRAPYRMT, ENDAPYRMT,
    SNDAPYRMTE, and CRTAPYRMTD are controlled by the TAAAPYRMT
    authorization list. The STRAPYRMT, ENDAPYRMT, and SNDAPYRMTE
    program adopt authority to allow operators to control the
    function. Several batch jobs are submitted by STRAPYRMT and they
    all adopt to allow the programs to operate on any object. The
    TAAJRODC46 and TAAJRODC47 programs adopt to allow the create of a
    file from the TAA Archive.

28. The CVTIFS program TAAIFSAC adopts authority, but requires the
    user to be authorized to the TAACVTIFS authorization list.

29. The CVTIFSEAUT program TAAIFSPC adopts authority, but requires the
    user to be authorized to the TAACVTIFS authorization list.

30. The SAVCHG23 program TAASAVWC adopts authority, but requires the
    user to be authorized to the TAASAVALLC authorization list.

31. The UPSMON TAASYTLC13 program adopts QSECOFR to allow a display of
    the UPSMON values. The TAASYTLC12 program adopts QSECOFR to
    provide for an orderly powerdown. The UPSMON *JOBD is shipped with
    *PUBLIC *EXCLUDE. It contains the value USRPRF = QPGMR which is
    required for an auto start job. If STRUPSMON2 is run, an auto
    start job entry is added to the controlling subsystem and QPGMR is
    authorized to *USE for the job description.

32. The UPSMON TAASYTLC13 program adopts QSECOFR to allow a display of
    the UPSMON values. The TAASYTLC12 program adopts QSECOFR to
    provide for an orderly powerdown. The UPSMON *JOBD is shipped with
    *PUBLIC *EXCLUDE. It contains the value USRPRF = QPGMR which is
    required for an auto start job. If STRUPSMON2 is run, an auto
    start job entry is added to the controlling subsystem and QPGMR is
    authorized to *USE for the job description.

33. The SAVLIBSAVF TAASAWBC11 adopts only to allow the CHGOBJD tool to
    be used to set the user attribute of a save file.

34. The SPLSTO TAASPMRR2 and TAASPMRR25 programs adopt to allow
    *CHANGE authority to the spool store files while updates are
    occurring.

35. The SPLSTO TAASPMRR2 and TAASPMRR25 programs adopt to allow
    *CHANGE authority to the spool store files while updates are
    occurring.

36. The CAPSECINF TAASEGMC12 program adopts to access the values from
    the CAPSECINF Application Value in TAASECURE.

37. The JOBANZ TAAJOEAC27 program adopts to access a value from the
    JOBANZ Application Value in TAASECURE.

38. The TAASPLIC20 program for SPLCTL adopts to allow update of the
    SPLCTLRCV and SPLCTLRCV2 recovery data areas in TAATOOL.

39. The RTVMSKPWD TAASEGQC and TAASEGQC2 programs adopt security to
    the MSKPWDP file in TAASECURE.

40. The RTVMSKPWD TAASEGQC and TAASEGQC2 programs adopt security to
    the MSKPWDP file in TAASECURE.

41. The DSPJOBLOG4 TAASPOBC program adopts to allow *ALLOBJ and
    *SPLCTL. The user of the command must be authorized to the
    TAASPLSEC authorization list.

42. The TAATAPNC, TAATAPNC2, TAATAPNC4, TAATAPNC5, TAATAPNC6,
    TAATAPNC7, and TAATAPNC11 programs adopt to ensure access to
    various functions. The user must be authorized to the TAAVTP
    authorization list.

43. The TAATAPNC, TAATAPNC2, TAATAPNC4, TAATAPNC5, TAATAPNC6,
    TAATAPNC7, and TAATAPNC11 programs adopt to ensure access to
    various functions. The user must be authorized to the TAAVTP
    authorization list.

44. The TAATAPNC, TAATAPNC2, TAATAPNC4, TAATAPNC5, TAATAPNC6,
    TAATAPNC7, and TAATAPNC11 programs adopt to ensure access to
    various functions. The user must be authorized to the TAAVTP
    authorization list.

45. The TAATAPNC, TAATAPNC2, TAATAPNC4, TAATAPNC5, TAATAPNC6,
    TAATAPNC7, and TAATAPNC11 programs adopt to ensure access to
    various functions. The user must be authorized to the TAAVTP
    authorization list.

46. The DSPGRPPRF program TAASEGWC2 adopts QSECOFR to allow the use of
    the DSPUSRPRF outfile function to the TAASECKP file in TAASECURE.
    CVTGRPPRF then reads this file and creates the GRPPRFP program in
    QTEMP which contains the user profile records for each group
    member. TAASEGWC2 ensures that the profile is a group profile and
    that the user has 'all rights' to the group profile.

47. The TAAJOEJC23 and TAAJOEJC25 programs adopt to access the
    Application Value CHKINACT2 in TAASECURE. The TAAJOEJC24 program
    adopts to access the user text description from the profile used
    in WRKINACT2. Both programs perform read only functions and are
    considered safe.

48. The TAAJOEJC23 and TAAJOEJC25 programs adopt to access the
    Application Value CHKINACT2 in TAASECURE. The TAAJOEJC24 program
    adopts to access the user text description from the profile used
    in WRKINACT2. Both programs perform read only functions and are
    considered safe.

49. The TAAJOEJC23 and TAAJOEJC25 programs adopt to access the
    Application Value CHKINACT2 in TAASECURE. The TAAJOEJC24 program
    adopts to access the user text description from the profile used
    in WRKINACT2. Both programs perform read only functions and are
    considered safe.

50. The CMPDBF2 program TAADBLPC adopts to allow the use of the CLPDBR
    tool against the file. The file is only read and compared against
    a copy of the same file made at a previous time.

51. The DSPJRNA and DSPJRNRCVD programs (TAAJROPC and TAAJRORC) adopt
    to allow a 'display only' function of the journal and receiver
    directory. The user must have *OBJOPR authority to the journal.
    This allows operation personnel to see the journal and the
    directory without having WRK options. The journal entries are not
    displayed.

52. The DSPJRNA and DSPJRNRCVD programs (TAAJROPC and TAAJRORC) adopt
    to allow a 'display only' function of the journal and receiver
    directory. The user must have *OBJOPR authority to the journal.
    This allows operation personnel to see the journal and the
    directory without having WRK options. The journal entries are not
    displayed.

53. The QRYUSE tool CVTQRYUSE command calls a sub program TAAWHRDC15
    to delete a restored object in QTEMP. Only a DLTQRY command is
    used and the object must be in QTEMP.

54. The DSPWTR tool uses the TAAPRTOC11 program to allow DSPWTRSTS.
    The program adopts to avoid the requirement for *JOBCTL.

55. The CHKUSRGRP tool uses the TAASELCC program to allow a user
    authorized to the TAACHKUSRG *AUTL to run the command. The program
    adopts to avoid the requirement for *ALLOBJ.

56. The DUPFILFMT2 tool uses the TAADBOHC2 program to allow any user
    to be able to duplicate a file format (create a new file) without
    being authorized to the file. The data is not copied.

57. The CRTXREFLF tool uses the TAADBINC program to allow creation
    over the QADBXREF file.

58. The TAAQRY tool uses the TAADBIUR13 program to update the QRYFILP
    file with the date the query was run.

59. The CHKNAMADR command of the NAMADR tool uses the TAADBKXR2
    program to read the TAADBKXP file in TAASECURE to build the arrays
    needed to check.

60. The DSPDSTQ tool uses the TAADSQAC program to allow any user to
    display the distribution queue.

61. The MAILADR tool uses the TAAEMLEC21 program to change the the
    user attribute of TAA mail files.

62. The HORSERACE tool uses the TAAGAMAC program to change the data
    area in TAATOOL.

63. The RTVLSTQHST tool uses the TAAHSTGC program to access the QHST
    files.

64. The RTVIFSED tool uses the TAAIFSMC and TAAIFSMC2 programs to
    access the IFS information.

65. The RTVIFSED tool uses the TAAIFSMC and TAAIFSMC2 programs to
    access the IFS information.

66. The CHKIFSSAV tool uses the TAAIFULC program to access the IFS
    information. It checks for *USE authority to the TAACVTIFS
    authorization list.

67. The DSPJOBSCDE tool uses the TAAJBSEC2 program solely to access
    the job schedule information.

68. The WHO tool uses the TAAJOBAC2 program to access the application
    value in TAASECURE.

69. The DSPSBSJOB tool uses the TAAJOCEC2 program to access the
    information via an API. This is a "display-only" tool and does not
    allow changing any job attributes.

70. The RTVJOBAPI tool uses the TAAJOCHC program to access the
    information via an API.

71. The JOBTALK tool uses these programs to execute commands within
    another job.

72. The JOBTALK tool uses these programs to execute commands within
    another job.

73. The JOBTALK tool uses these programs to execute commands within
    another job.

74. The JOBTALK tool uses these programs to execute commands within
    another job.

75. The CHKINACT tool uses the TAAJODJC11 program to retrieve an
    application value in TAASECURE.

76. The DSPUSRJOB tool uses the TAAJODZC3 and is owned by TAAJOBCTL
    which provides *JOBCTL authority.

77. The DTAARAARC tool uses the TAAARARC25 program to change the
    object description to update information.

78. The DSPCMDHLP tool uses the TAACMEYC program to display command
    help for any command.

79. The DSPSBSJOB2 command of the DSPSBSJOBQ tool uses the TAAJODIC2
    to provide a display of any job queue with only display options.
    The TAAJOBCTL authorization list is checked.

80. The APYRMTJRN tool uses the TAAJRODC35 and TAAJRODC59 for internal
    processing.

81. The APYRMTJRN tool uses the TAAJRODC35 and TAAJRODC59 for internal
    processing.

82. The RMVSYSLIBE tool uses the TAALIBQC program to remove libraries
    from the system portion of the library list that have been
    specified by the Security Officer.

83. The FRCJOBLOG command of the SETJOBLOG tool uses the TAALOGAC2
    program with adoption to allow the SIGNOFF command to remain
    private if you have made it so.

84. The DSPALLJLG tool uses the TAALOGHR program with adoption to
    allow any job log to be displayed. The command is controlled by
    the TAADSPJLG authorization list.

85. The ADPMBR tool uses the TAAMBRJC, TAAMBRJC2, and TAAMBRJC3
    programs to allow end users to operate with member commands on
    files specified by the Security Officer.

86. The ADPMBR tool uses the TAAMBRJC, TAAMBRJC2, and TAAMBRJC3
    programs to allow end users to operate with member commands on
    files specified by the Security Officer.

87. The ADPMBR tool uses the TAAMBRJC, TAAMBRJC2, and TAAMBRJC3
    programs to allow end users to operate with member commands on
    files specified by the Security Officer.

88. The DYNMNU tool uses the TAAMNUAC21 program to access an
    Application Value in TAASECURE.

89. The SHOUT tool uses the TAAMSGLC2 program only to access the user
    class of any user profile.

90. The SNDTIMMSG tool uses the TAAMSGSC and TAAMSGSC8 programs to
    control the file for when messages are sent.

91. The SNDTIMMSG tool uses the TAAMSGSC and TAAMSGSC8 programs to
    control the file for when messages are sent.

92. The SNDUSRBRK tool uses the TAAMSHJC programs to control the file
    for when messages are sent.

93. The NAMADR tool uses the TAANAMAC9 program for internal
    processing.

94. The CAPNETA tool uses the TAANETDC program to capture all
    attributes.

95. The NTEFIL tool uses the TAANTEAC23 program to allow update of a
    file.

96. The CRTDUPPF tool uses the TAAOBJRC program to allow a user with
    *USE authority to a file to be able to duplicate it.

97. The RPGVALCHK tool uses the TAARPGCC program to allow internal
    processing.

98. The CHKSAVDEV tool uses the TAASAVNC2 program with adopt so it can
    S/R and delete the CHKSAVDEV data area.

99. The CHGSCRPWD command of the DSPPWD tool uses the TAASECCC2
    program with adopt so it can access a program in TAASECURE.

100. The CPYUSRPRF2 tool uses the TAASECHC2 program with adopt so it
     can use CHGUSRPRF command.

101. The CHGUSRPWD tool uses the TAASECIC3 program with adopt so it
     can access an exit program in TAASECURE.

102. The CHGGRPPRF tool uses the TAASECJC program with adopt so it can
     change the group profile during a job.

103. The SECOFR2 tool uses the TAASEDBC3 program with adopt so it can
     access TAASECURE to retrieve application values and constant
     arrays.

104. The CHKPGMOWN tool uses the TAASEEFC program with adopt so it can
     determine the owner of any program.

105. The DSPUSRTXT tool uses the TAASEFZC program with adopt so it can
     determine the user text of any user.

106. The RTVUSRTXT tool uses the TAASEGDC program with adopt so it can
     determine only the user text of any user.

107. The CHGMSKPWD command of the RTVMSKPWD tool uses the TAASEGQC and
     TAASEGQC2 programs with adopt to mask a password. The source code
     is not shipped with the product.

108. The CHGMSKPWD command of the RTVMSKPWD tool uses the TAASEGQC and
     TAASEGQC2 programs with adopt to mask a password. The source code
     is not shipped with the product.

109. The LMTDLTSPL2 tool uses the TAASPLSC2 program with adopt to
     access TAASECURE.

110. The DSPSPLF2 tool uses the TAASPLWC9 program with adopt to read
     the TAASECURE/DSPSPLF2 user space.

111. The CVTSPLSTO command of the SPLSTO tool uses the TAASPMRC22
     program with adopt to change a user space in the SPLSTO library.

112. The CPYSPLFIFS tool uses the TAASPNAC2 program with adopt to
     check for product requirements.

113. The RTVSPLSIZ tool uses the TAASPNXC program with adopt to access
     all spooled file information.

114. The CMPSRC3 tool uses the TAASRCBC program with adopt to allow
     internal processing.

115. The SRCCTL tool uses the TAASRCHC and TAASRCHC2 programs with
     adopt to allow updates to occur.

116. The SRCCTL tool uses the TAASRCHC and TAASRCHC2 programs with
     adopt to allow updates to occur.

117. The DSPLIBSRCF tool uses the TAASRDJC program to determine the
     source files in the library. The user is checked for *USE
     authority to the library. The QSECOFR profile is adopted so the
     QADBXREF file can be used.

118. The FNDSRCMBR tool uses the TAASRDKC program to determine the
     source files in the library.

119. The RTVLIBSRCF tool uses the TAASRDVC program to determine the
     source files in the library.

120. The CHKOBJSRC tool uses the TAASREEC10 program for the prompt
     override of CHKOBJSRC.

121. The CPYSRCHDR tool uses the TAASREHC3 program with adopt when
     copying standard source members.

122. The CRTSTDSRCF tool uses the TAASREIC2 program to adopt to access
     the TAASECURE library.

123. The DSPSYS tool uses the TAASYSKC3 program to adopt while
     accessing attributes system objects for display-only purposes.

124. The RTVHDWRSC tool uses the TAASYSXC program with adopt while
     accessing information.

125. The RTVIPLTIM tool uses the TAASYTXC program with adopt while
     accessing information.

126. The RTVSYSINF command of the CAPSYSINF tool uses the TAASYTMC4
     program with adopt to access TAASECURE.

127. The CHKASPSTG tool uses the TAASYTPC2 and TAASYTPC3 programs to
     access TAASECURE and internal processing.

128. The CHKASPSTG tool uses the TAASYTPC2 and TAASYTPC3 programs to
     access TAASECURE and internal processing.

129. The RPLKVTP command of the CRTVTP tool uses the TAATAPNC5 program
     for internal processing. The WRKVTP command uses the TAATAPNC7
     program for internal processing. These programs check the TAAVTP
     authorization list.

130. The RPLKVTP command of the CRTVTP tool uses the TAATAPNC5 program
     for internal processing. The WRKVTP command uses the TAATAPNC7
     program for internal processing. These programs check the TAAVTP
     authorization list.

131. The RDYVTP command of the CRTVTP tool uses the TAATAPNC6 program
     for internal processing. This program checks the TAAVTP
     authorization list.

132. The RTVHOSTNAM tool uses the TAATCPGC program for internal
     processing.

133. The DSPTIMZON tool uses the TAATIMNC11 program to access
     TAASECURE.

134. The ALCTMPMBR tool uses the TAATMPCC program for internal
     processing.

135. The DLCTMPMBR command of the ALCTMPMBR tool uses the TAATMPCC2
     program for internal processing.

136. The CHKTAAOWN tool uses the TAATOMOC program to check against any
     program.

137. The RTVTRNTBL tool uses the TAATRNAC program to access TAASECURE.

138. The CHGUSRPWD2 command of the CHGUSRPWD tool uses the TAASECIC2
     program to access TAASECURE.

139. The DUPTAADBF tool uses the TAATOMHC program to access to allow
     duplication from TAATOOL.

140. The TAASEGYC2 program adopts to allow enabling of a user profile.
     The user must be authorized to the TAAENAUSR authorization list.
     The check occurs using the UNADOPT tool (the objects are not
     controlled by the authorization list).

141. The TAAOBLKC program adopts to allow a user who is authorized to
     the TAADSPOBJ4 authorization list to display any object
     attributes. Only the attributes are displayed and not data. None
     of the objects are tied to the authorization list. Checking
     occurs within TAAOBLKC.

142. The TAATOLXC program adopts to allow the CPYTAADDS tool to use
     the CPYTAA tool to create files from DDS in the archive. Only DDS
     source is accessed.

143. The TAACVTLIBD authorization list is tested to allow access to
     CVTLIBDBF for library special values such as *ALL. No objects are
     authorized to the list. The TAADBHCC program adopts.

144. The TAAMSHWC2 program is a short helper program that accesses
     read-only data areas from the TAASECURE library.

145. The CVTJOBACG and CVTJOBACG2 commands of the JOBACG tool are
     secured by the TAAJOBACG authorization list. The user must have
     either have ALLOBJ special authority or USE authority to
     TAAJOBACG to be able to use these commands.

146. The CVTJOBACG and CVTJOBACG2 commands of the JOBACG tool are
     secured by the TAAJOBACG authorization list. The user must have
     either have ALLOBJ special authority or USE authority to
     TAAJOBACG to be able to use these commands.

147. The user of the CVTJOBACG3 command must be authorized to the
     TAAJOBACG authorization list. This authorization list is provided
     by the JOBACG tool and is also required for CVTJOBACG and
     CVTJOBACG2 (and CVTPRTACG and CVTPRTACG2).

148. The user of the CVTPRTACG and CVTPRTACG2 commands of the PRTACG
     tool must on the TAAJOBACG authorization list with *USE
     authority. This authorization list is provided by the JOBACG
     tool.

149. The user of the CVTPRTACG and CVTPRTACG2 commands of the PRTACG
     tool must on the TAAJOBACG authorization list with *USE
     authority. This authorization list is provided by the JOBACG
     tool.

150. Users of all of the DSPxxxA commands of the DSPADP tool must be
     on the TAADSPASP authorization list with *USE authority.

151. Users of all of the DSPxxxA commands of the DSPADP tool must be
     on the TAADSPASP authorization list with *USE authority.

152. Users of all of the DSPxxxA commands of the DSPADP tool must be
     on the TAADSPASP authorization list with *USE authority.

153. Users of all of the DSPxxxA commands of the DSPADP tool must be
     on the TAADSPASP authorization list with *USE authority.

154. Users of all of the DSPxxxA commands of the DSPADP tool must be
     on the TAADSPASP authorization list with *USE authority.

155. Users of all of the DSPxxxA commands of the DSPADP tool must be
     on the TAADSPASP authorization list with *USE authority.

156. Users of all of the DSPxxxA commands of the DSPADP tool must be
     on the TAADSPASP authorization list with *USE authority.

157. Users of all of the DSPxxxA commands of the DSPADP tool must be
     on the TAADSPASP authorization list with *USE authority.

158. Users of all of the DSPxxxA commands of the DSPADP tool must be
     on the TAADSPASP authorization list with *USE authority.

159. Users of all of the DSPxxxA commands of the DSPADP tool must be
     on the TAADSPASP authorization list with *USE authority.

160. Users of all of the DSPxxxA commands of the DSPADP tool must be
     on the TAADSPASP authorization list with *USE authority.

161. Users of all of the DSPxxxA commands of the DSPADP tool must be
     on the TAADSPASP authorization list with *USE authority.

162. Users of all of the DSPxxxA commands of the DSPADP tool must be
     on the TAADSPASP authorization list with *USE authority.

163. Users of all of the DSPxxxA commands of the DSPADP tool must be
     on the TAADSPASP authorization list with *USE authority.

164. Users of all of the DSPxxxA commands of the DSPADP tool must be
     on the TAADSPASP authorization list with *USE authority.

165. The TAACFGEC program of the VRYCFG2 command is secured by the
     TAAVRYCFG authorization list.

166. The TAACFGGC program of the VRYCFGOFF command is secured by the
     TAAVRYCFGO authorization list.

167. The TAAHSTAC program is secured by the TAACVTQHST authorization
     list.

168. The command DLTQHST and the TAAHSTBC CL program are created so
     they may not be executed unless a user is authorized to the
     TAADLTQHST authorization list.

169. The TAAHSTEC program of the CVTQHST2 command of the DSPQHST2 tool
     is secured by the TAACVTQHST authorization list.

170. The TAAIFSRC program of the CVTIFSAUT tool adopts QSECOFR to swap
     to the user profile named on the command. The current user must
     have *USE authority to that user profile.

171. You must be authorized to the TAAJOBSCDE authorization list to
     use RTVJOBSCDE.

172. You must be authorized to the TAAJOBSCDE authorization list to
     use CVTJOBSCDE.

173. You must be authorized to the TAAJOBSCDE authorization list to
     use ADDJOBSCD2.

174. You must be authorized to the TAAJOBSCDE authorization list to
     use CPYJOBSCDE.

175. The TAAJOCIC program and the EXCJOBCTL command are secured by the
     TAAJOBCTL authorization list.

176. The PRTJOBSUM command and the TAAJOCXC program are secured by the
     TAACVTQHST authorization list.

177. The programs TAAJRODC, TAAJRODC2, TAAJRODC3, and TAAJRODC9 of the
     APYRMTJRN tool are secured by the TAAAPYRMT authorization list.

178. The programs TAAJRODC, TAAJRODC2, TAAJRODC3, and TAAJRODC9 of the
     APYRMTJRN tool are secured by the TAAAPYRMT authorization list.

179. The programs TAAJRODC, TAAJRODC2, TAAJRODC3, and TAAJRODC9 of the
     APYRMTJRN tool are secured by the TAAAPYRMT authorization list.

180. The program TAAJROJC of the MTNALLJRN tool is secured by the
     TAAMTNJRN authorization list.

181. The TAALICEC program of the CVTLIBCNT tool is secured by the
     TAADSPADP authorization list.

182. The TAALICFC program of the PRTLIBCNT tool is secured by the
     TAADSPADP authorization list.

183. The TAALOGFC program of the DLTJOBLOG tool is secured by the
     TAACVTQHST authorization list.

184. The TAAMSHDC program of the SNDGRPPRF tool is secured by the
     TAASNDGRP authorization list.

185. The TAAMSHEC program of the SNDUSGMSG tool is secured by the
     TAASNDUSG authorization list.

186. The TAARCLAC program of the RCLSTG2 tool is secured by the
     TAARCLSTG2 authorization list. In addition, the system must be in
     restricted state to use the tool.

187. The TAARSTAC program of the RSTALLCHG tool is secured by the
     TAARSTALLC authorization list.

188. The TAARSTBC program of the RSTANYLIB tool is secured by the
     TAARSTANYL authorization list.

189. The TAARSTCC program of the RSTFIL tool is secured by the
     TAARSTFIL authorization list.

190. The TAARSTDC program of the RSTALLLIB tool is secured by the
     TAARSTALLC authorization list.

191. The TAARSTFC program of the RSTMNYLIB tool is secured by the
     TAARSTALLC authorization list.

192. The TAARSTIC program of the RSTMNYCHG tool is secured by the
     TAARSTALLC authorization list.

193. The TAASAVCC, TAASAVCC2, and TAASAVCC3 programs of the SAVALLCHG
     tool are secured by the TAASAVALLC authorization list.

194. The TAASAVCC, TAASAVCC2, and TAASAVCC3 programs of the SAVALLCHG
     tool are secured by the TAASAVALLC authorization list.

195. The TAASAVCC, TAASAVCC2, and TAASAVCC3 programs of the SAVALLCHG
     tool are secured by the TAASAVALLC authorization list.

196. The TAASAVCC, TAASAVCC2, and TAASAVCC3 programs of the SAVALLCHG
     tool are secured by the TAASAVALLC authorization list.

197. The TAASECBC program of the ACCSECLIB tool is secured by the
     TAAACCSECL authorization list.

198. The program TAASECLC of the ENAUSRPRF tool is secured by the
     TAAENAUSR authorization list.

199. The programs TAASECXC, TAASECXC2, and TAASECXC3 of the INZPWD
     tool are secured by the TAAINZPWD authorization list.

200. The programs TAASECXC, TAASECXC2, and TAASECXC3 of the INZPWD
     tool are secured by the TAAINZPWD authorization list.

201. The programs TAASECXC, TAASECXC2, and TAASECXC3 of the INZPWD
     tool are secured by the TAAINZPWD authorization list.

202. The program TAASEDCC of the DSPUSRPRF2 tool is secured by the
     TAADSPUSR2 authorization list.

203. The program TAASEDFC of the DSAUSRPRF tool is secured by the
     TAADSAPRF authorization list.

204. The program TAASEDHC of the CHGUSRPRF2 tool is secured by the
     TAACHGPRF2 authorization list.

205. The program TAASEDLC of the RTVUSRPRF2 tool is secured by the
     TAARTVUSR2 authorization list.

206. The programs TAASEDRC and TAASEDRC2 of the CPYUSRPRF2 tool are
     secured by the TAACPYUSR2 authorization list.

207. The programs TAASEDRC and TAASEDRC2 of the CPYUSRPRF2 tool are
     secured by the TAACPYUSR2 authorization list.

208. The program TAASEDSC2 of the AUDLOG tool is secured by the
     TAAAUDLOG authorization list.

209. The program TAASEDTC of the DLTUSRPRF2 tool is secured by the
     TAADLTUSR2 authorization list.

210. The program TAASEDWC of the CVTAUDLOG3 tool is secured by the
     TAAAUDLOG authorization list.

211. The program TAASEFWC of the CHGDSTPWD2 tool is secured by the
     TAADSTPWD2 authorization list.

212. The program TAASPLDC of the DUPSPLF tool is secured by the
     TAADUPSPLF authorization list.

213. The program TAASPLXC4 of the SPLDST tool is secured by the
     TAASPLDST authorization list.

214. The program TAASPMEC2 of the CVTFRMSPLF tool is secured by the
     TAACVTSPLF authorization list.

215. The programs TAATMPAC and TAATMPAC2 of the CHGBIGPARM tool are
     secured by the TAACHGBIGP authorization list.

216. The programs TAATMPAC and TAATMPAC2 of the CHGBIGPARM tool are
     secured by the TAACHGBIGP authorization list.

217. The programs TAATMPBC and TAATMPBC3 of the CLNTAATEMP tool are
     secured by the TAACLNTEMP authorization list.

218. The programs TAATMPBC and TAATMPBC3 of the CLNTAATEMP tool are
     secured by the TAACLNTEMP authorization list.

219. The program TAATIMDC of the RTVTIMSTM tool adopts QSECOFR only to
     be able to access the TAATOOL/TAATIMDS user space to provide a
     unique suffix for 26 character time stamps.

Determining programs that adopt

You can determine the programs in TAATOOL that adopt authority by
using the PRTPGMA tool and specifying USRPRF(*OWNER).

Authorization lists

For certain tools, an authorization list is created in QSYS to allow a
more convenient means of authorization and to allow security to remain
in place even though you re-create a tool or install a new version of
the TAA Productivity Tools.

The authorization lists are created as part of the installation of the
TAA Productivity Tools if they do not already exist. Some
authorization lists are used by multiple tools.

The following is a list of the TAA Authorization lists, the tools that
use each list and the objects that are shipped as authorized to the
list.

        Authorization
        list in QSYS      Tool          Notes     Object     Type   Total
        ------------      ----          -----     ------     ----   -----

        TAAACCSECL        ACCSECLIB               ACCSECLIB  *CMD     2
                                                  TAASECBC   *PGM

        TAAALLSPLF        DSPALLSPLF      6                           0
                          WRKALLSPLF      6


        TAAAPYRMT         APYRMTJRN               STRAPYRMT  *CMD     8
                                                  ENDAPYRMT  *CMD
                                                  SNDAPYRMTE *CMD
                                                  CRTAPYRMTD *CMD
                                                  TAAJRODC   *PGM
                                                  TAAJRODC2  *PGM
                                                  TAAJRODC3  *PGM
                                                  TAAJRODC9  *PGM


        TAAAUDLOG         AUDLOG                  CVTAUDLOG  *CMD     7
                                                  TAASEDSC2  *PGM
                                                  TAASEDSR2  *PGM
                          CVTAUDLOG3              CVTAUDLOG3 *CMD
                                                  TAASEDWC   *PGM
                                                  TAASEDWC2  *PGM
                                                  TAASEDWR   *PGM


        TAACHGBIGP        CHGBIGPARM              CHGBIGPARM *CMD     5
                                                  RTVBIGPARM *CMD
                                                  TAATMPAC   *PGM
                                                  TAATMPAC2  *PGM
                                                  TAATMPAR   *PGM


        TAACHGOBJ2        CHGOBJD2                CHGOBJD2   *CMD     5
                                                  TAAOBJLC   *PGM
                                                  TAAOBJLC2  *PGM
                          CHGOBJSRC               CHGOBJSRC  *CMD
                                                  TAAOBJUC   *PGM

        TAACHGPRF2        CHGUSRPRF2              CHGUSRPRF2 *CMD     2
                                                  TAASEDHC   *PGM

        TAACHKUSRG        CHKUSRGRP               CHKUSRGRP  *CMD     2
                                                  TAASELCC   *PGM


        TAACLNTEMP        CLNTAATEMP              CLNTAATEMP *CMD     6
                                                  TAATMPBC   *PGM
                                          5       TAATMPBC2  *PGM
                                                  TAATMPBC3  *PGM
                                                  TAATMPBC9  *PGM
                                                  TAATMPBR   *PGM


        TAACPYUSR2        CPYUSRPRF2              CPYUSRPRF2 *CMD     3
                                                  TAASEDRC   *PGM
                                                  TAASEDRC2  *PGM


        TAACVTIFS         CVTIFS                  CVTIFS     *CMD    12
                                                  TAAIFSAC   *PGM
                                                  TAAIFSAC2  *PGM
                                                  TAAIFSAR   *PGM
                                                  DLTIFS     *CMD
                                                  DLTIFS2    *CMD
                                                  TAAIFSQC   *PGM
                                                  TAAIFSQC2  *PGM
                                                  TAAIFSQC3  *PGM
                                                  TAAIFSQC4  *PGM
                                                  TAAIFSQR   *PGM
                                                  TAAIFSQR2  *PGM


        TAACVTLIBD        CVTLIBDBF      11                           0


        TAACVTQHST        CVTQHST                 CVTQHST    *CMD    22
                                                  TAAHSTAC   *PGM
                                                  TAAHSTAR   *PGM
                          DSPQHST2                CVTQHST2   *CMD
                                                  DSPQHST2   *CMD
                                                  MTNQHST2   *CMD
                                                  TAAHSTEC   *PGM
                                                  TAAHSTEC2  *PGM
                                                  TAAHSTEC3  *PGM
                                                  TAAHSTEC5  *PGM
                                                  TAAHSTEC6  *PGM
                                                  TAAHSTEC7  *PGM
                                                  TAAHSTEC8  *PGM
                                                  TAAHSTEC9  *PGM
                                                  TAAHSTEC13 *PGM
                                                  TAAHSTER   *PGM
                                                  TAAHSTER3  *PGM
                          DLTJOBLOG               DLTJOBLOG  *CMD
                                                  TAALOGFC   *PGM
                                                  TAALOGFC2  *PGM
                          PRTJOBSUM               PRTJOBSUM  *CMD
                                                  TAAJOCXC   *PGM


        TAACVTSPLF        CVTFRMSPLF              CVTFRMSPLF *CMD     2
                                                  TAASPMEC2  *PGM


        TAADLTQHST        DLTQHST                 DLTQHST    *CMD     2
                                                  TAAHSTBC   *PGM


        TAADLTUSR2        DLTUSRPRF2              DLTUSRPRF  *CMD     2
                                                  TAASEDTC   *PGM


        TAADPTSEC         SECOFR2         3


        TAADSAPRF         DSAUSRPRF               DSAUSRPRF  *CMD     2
                                                  TAASEDFC   *PGM


        TAADSPADP         DSPADP          1       DSPCLSA    *CMD    34
                                                  DSPCMDA    *CMD
                                                  DSPDBRA    *CMD
                                                  DSPFDA     *CMD
                                                  DSPFFDA    *CMD
                                                  DSPJOBDA   *CMD
                                                  DSPLIBA    *CMD
                                                  DSPOBJAUTA *CMD
                                                  DSPOBJDA   *CMD
                                                  DSPPGMA    *CMD
                                                  DSPPGMADPA *CMD
                                                  DSPPGMREFA *CMD
                                                  DSPSAVFA   *CMD
                                                  DSPSBSDA   *CMD
                                                  DSPUSRPRFA *CMD
                                                  TAAADPAC   *PGM
                                                  TAAADPAC2  *PGM
                                                  TAAADPAC3  *PGM
                                                  TAAADPAC4  *PGM
                                                  TAAADPAC5  *PGM
                                                  TAAADPAC6  *PGM
                                                  TAAADPAC7  *PGM
                                                  TAAADPAC8  *PGM
                                                  TAAADPAC9  *PGM
                                                  TAAADPAC10 *PGM
                                                  TAAADPAC11 *PGM
                                                  TAAADPAC12 *PGM
                                                  TAAADPAC13 *PGM
                                                  TAAADPAC14 *PGM
                                                  TAAADPAC15 *PGM
                                                  TAAADPAC22 *PGM
                          CVTLIBCNT               CVTLIBCNT  *CMD
                                                  TAALICEC   *PGM
                                                  TAALICEC11 *PGM
                          PRTLIBCNT               PRTLIBCNT  *CMD
                                                  TAALICFC   *PGM
                          PRTSAVCNT               PRTSAVCNT  *CMD
                                                  TAASAVSC   *PGM


        TAADSPJLG         DSPALLJLG               None                0


        TAADSPOBJ4        DSPOBJD4                None                0


        TAADSPUSR2        DSPUSRPRF2              DSPUSRPRF2 *CMD     4
                                                  TAASEDCC   *PGM
                                                  TAASEDCC2  *PGM
                                                  TAASEDCC3  *PGM


        TAADSTPWD2        CHGDSTPWD2              CHGDSTPWD2 *CMD     2
                                                  TAASEFWC   *PGM


        TAADUPSPLF        DUPSPLF                 DUPSPLF    *CMD     2
                                                  TAASPLDC   *PGM


        TAAEDTDBF         EDTDBF          9                           0


        TAAENAUSR         ENAUSRPRF               ENAUSRPRF  *CMD     2
                                                  TAASECLC   *PGM


        TAAINSTALL        Install         2       TAATOLUC   *PGM     3
                                                  TAATOLUC2  *PGM
                                                  TAATOLUC3  *PGM


        TAAINZPWD         INZPWD                  INZPWD     *CMD     8
                                                  INZPWD2    *CMD
                                                  TAASECXC   *PGM
                                                  TAASECXC2  *PGM
                                                  TAASECXC4  *PGM
                                                  TAASECXC5  *PGM
                                                  TAASECXR   *PGM
                                                  TAASECXR4  *PGM


        TAAJOBACG         JOBACG                  CVTJOBACG  *CMD    14
                                                  CVTJOBACG2 *CMD
                                                  ANZJOBACG  *CMD
                                                  TAAACGBC2  *PGM
                                                  TAAACGBC7  *PGM
                                                  TAAACGBR2  *PGM
                          PRTACG                  CVTPRTACG  *CMD
                                                  CVTPRTACG2 *CMD
                                                  TAAACGEC2  *PGM
                                                  TAAACGEC7  *PGM
                          CVTJOBACG3              CVTJOBACG3 *CMD
                                                  TAAACGDC   *PGM
                                                  TAAACGDR   *PGM
                                                  TAAACGDR11 *PGM


        TAAJOBCTL         EXCJOBCTL      10       EXCJOBCTL  *CMD     2
                                                  TAAJOCIC   *PGM


        TAAJOBSCDE        RTVJOBSCDE              RTVJOBSCDE *CMD     8
                                                  TAAJBSAC   *PGM
                          CVTJOBSCDE              CVTJOBSCDE *CMD
                                                  TAAJBSBC   *PGM
                          ADDJOBSCD2              ADDJOBSCD2 *CMD
                                                  TAAJBSCC   *PGM
                          CPYJOBSCDE              CVTJOBSCDE *CMD
                                                  TAAJBSDC   *PGM
                          DSPJOBSCDR              DSPJOBSCDR *CMD


        TAAJOBTALK        JOBTALK                 SNDJOBTALK *CMD     2
                                                  TAAJOCKC4  *PGM


        TAAMTNJRN         MTNALLJRN               MTNALLJRN  *CMD     2
                                                  TAAJROJC   *PGM


        TAAPRDLIB         CHGPRDLIB               CHGPRDLIB  *CMD     2
                                                  TAALIBNC   *PGM


        TAARCLSTG2        RCLSTG2                 RCLSTG2    *CMD     4
                                                  TAARCLAC   *PGM
                          RCLSTGBCH               RCLSTGBCH  *CMD
                                                  TAARCLBC   *PGM


        TAARSTALLC        RSTALLCHG               RSTALLCHG  *CMD     8
                                                  RSTALLLIB  *CMD
                                                  RSTMNYCHG  *CMD
                                                  RSTMNYLIB  *CMD
                                                  TAARSTAC   *PGM
                                                  TAARSTDC   *PGM
                                                  TAARSTFC   *PGM
                                                  TAARSTIC   *PGM


        TAARSTANYL        RSTANYLIB               RSTANYLIB  *CMD     2
                                                  TAARSTBC   *PGM


        TAARSTFIL         RSTFIL                  RSTFIL     *CMD     2
                                                  TAARSTCC   *PGM


        TAARTVUSR2        RTVUSRPRF2              RTVUSRPRF2 *CMD     2
                                                  TAASEDLC   *PGM


        TAASAVALLC        SAVALLCHG               SAVALLCHG  *CMD     9
                                                  SAVALLCHG2 *CMD
                                                  SAVALLSAVF *CMD
                                                  TAASAVCC   *PGM
                                                  TAASAVCC2  *PGM
                                                  TAASAVCC3  *PGM
                                                  TAASAVCC4  *PGM
                          SAVCHG23                SAVCHG23   *CMD
                                                  TAASAVWC   *PGM


        TAASBMJOB2        SBMJOB2                 SBMJOB2    *CMD     1


        TAASBMJOB3        SBMJOB2                 SBMJOB3    *CMD     1


        TAASECOFR2        SECOFR2         7                           0


        TAASECRVW         DSPSECRVW               DSPSECRVW  *CMD     3
                                                  TAASECKC   *PGM
                                                  TAASECKR   *PGM


        TAASNDBRK         SNDUSRBRK               SNDUSRBRK2 *CMD     1


        TAASNDGRP         SNDGRPPRF               SNDGRPPRF  *CMD     4
                                                  TAAMSHDC   *PGM
                                                  TAAMSHDC9  *PGM
                                                  TAAMSHDR   *PGM


        TAASNDUSG         SNDUSGMSG               SNDUSGMSG  *CMD     2
                                                  TAAMSHEC   *PGM


        TAASPLDST         SPLDST                  DUPSPLDST  *CMD     4
                                                  TAASPLXC4  *PGM
                                                  TAASPLXC14 *PGM
                                                  TAASPLXR   *PGM


        TAASRCACC         TAAARC          4       CPYTAA     *CMD     8
                                                  CPYTAA2    *CMD
                                                  CPYTAAALL  *CMD
                                                  SCNTAA     *CMD
                                                  TAAARCAC2  *PGM
                                                  TAAARCAC7  *PGM
                                                  TAAARCAC8  *PGM
                                                  TAAARCAC32 *PGM


        TAAVRYCFG         VRYCFG2                 VRYCFG2    *CMD     2
                                                  TAACFGEC   *PGM


        TAAVRYCFGO        VRYCFGOFF               VRYCFGOFF  *CMD     2
                                                  TAACFGGC   *PGM

Notes

1.  Several other tools use one of the DSPxxxA commands. For example,
    PRTDBFEXP uses DSPOBJDA to allow a user to execute over any or all
    libraries if he is authorized to TAADSPADP. See the discussion
    with DSPADP.

2.  The initial installation must be done by a user with *ALLOBJ
    special authority. Any subsequent installs can be done by any user
    who is authorized to the TAAINSTALL authorization list. See the
    information member 'Installing as a Non-QSECOFR' on the HELPTAA
    menu.

3.  The TAADPTSEC authorization list is optional. If you want
    Departmental Security Officers, use the CRTDPTSEC command of the
    SECOFR2 tool to create the authorization list. If TAADPTSEC
    exists, the options on the SECOFR2 menu check for the existence of
    the authorization list and only allow the user profiles to be
    managed if the user has all authority to the user profile . See
    the discussion with the SECOFR2 tool.

4.  The TAASRCACC authorization list is used for TAA Archive functions
    involving source. You must have *USE authority to display, copy,
    or scan any program source in the archive.

5.  The TAATMPBC2 program is optional and may not exist.

6.  *USE authority to the TAAALLSPLF authorization list is checked
    within the TAASPMMR and TAASPMSR programs if a user other than
    *CURRENT is specified.

7.  *CHANGE authority to TAASECOFR2 is required to display the SECOFR2
    menu without prompting for the current password. *USE authority
    requires entering the current password. The authorization list is
    shipped as *CHANGE.

8.  *USE authority to TAAJOBACG is required to convert journal entries
    for either JOBACG or PRTACG.

9.  If the user is not the owner of the file, he must be authorized to
    TAAEDTDBF. No objects are controlled by the authorization list.

10. The TAAJOBCTL authorization list is also used by the DSPJOB3 tool,
    but no objects in the tool are authorized to TAAJOBCTL. The
    program checks internally for authorization.

11. The TAACVTLIBD authorization list is used to allow access to
    CVTLIBDBF for library special values such as *ALL. No objects are
    authorized to the list. The TAADBHCC program adopts.

To authorize a user to a tool which is controlled by an authorization
list, you need to specify *USE authority. You may use EDTAUTL and
operate from the interactive display or the following command:

    ADDAUTLE AUTL(xxxxx) USER(xxx) AUT(*USE)

The objects that use an authorization list are created so that the
*PUBLIC user accesses their authority from the authorization list. The
authorization lists are created with the *PUBLIC being *EXCLUDE. This
allows a simple change to the authorization list if you want the tool
to be usable by *PUBLIC.

Copyright TAA Tools, Inc. 1995, 2021
					

Added to TAA Productivity tools April 1, 1995


Home Page Up to Top