How To
Summary
How to block a CL command that uses QIBM_QCA_CHG_COMMAND exit point
Objective
Environment
Steps
The exit program registration facility provides two exit points for control language (CL) commands on the system.
QIBM_QCA_CHG_COMMAND exit point and QIBM_QCA_RTV_COMMAND.
QIBM_QCA_CHG_COMMAND can change the original called CL command. You can change the parameters of the command, or run another CL command instead, or exit the running of this command. It is called before the command processing program.
QIBM_QCA_RTV_COMMAND is good for checking that command and the parameters of the called CL command, before or after the command processing program is called, according to the value when the Exit Point was registered for this QIBM_QCA_RTV_COMMAND exit point.
You can use RTVJOBA command in the Exit Point of QIBM_QCA_CHG_COMMAND, and do what you want, such as block a specific user from running this command. The blocking of the command is done in the Exit Point program via the End Request (ENDRQS) command that ends (cancels) a previously requested operation.
There is no option in the Exit Point to allow or disallow the command.
Here is an example to block the command. You need to add logic to check the user ID name part.
The End Request (ENDRQS) command ends (cancels) a previously requested operation (command).
That is what 'blocks' the command.
However, End Request (ENDRQS) command has a limitation because it is only allowed to run in an interactive job.
In order block a command when using a batch job, this can be accomplished by using a replacement command which essentially does nothing. For example CHGJOB JOB(*).
When CHGJOB is used with no parameters, the command does not change the job at all, so it's the perfect command to do "nothing."
The remaining document covers how to block CRTLIB command for user profile Tosh.
A sample CL source for the Exit Point program is:
PGM PARM( &CMDINFO &RPLCMD &LENRPLCMD)
DCL &CMDINFO *CHAR 32000
DCL &EXITNAME *CHAR 20 STG(*DEFINED) DEFVAR(&CMDINFO 1 )
DCL &EXITFMT *CHAR 8 STG(*DEFINED) DEFVAR(&CMDINFO 21 )
DCL &CMDNAM *CHAR 10 STG(*DEFINED) DEFVAR(&CMDINFO 29 )
DCL &CMDLIB *CHAR 10 STG(*DEFINED) DEFVAR(&CMDINFO 39 )
DCL &CHANGE *CHAR 1 STG(*DEFINED) DEFVAR(&CMDINFO 49 )
DCL &PROMPT *CHAR 1 STG(*DEFINED) DEFVAR(&CMDINFO 50 )
DCL &OFSCMD *INT 4 STG(*DEFINED) DEFVAR(&CMDINFO 53 )
DCL &LENCMD *INT 4 STG(*DEFINED) DEFVAR(&CMDINFO 57 )
DCL &OFSPRX *INT 4 STG(*DEFINED) DEFVAR(&CMDINFO 61 )
DCL &CNTPRX *INT 4 STG(*DEFINED) DEFVAR(&CMDINFO 65 )
DCL &RPLCMD *CHAR 32000
DCL &LENRPLCMD *INT 4
DCL &POS *INT 4
DCL &LEN *INT 4
DCL &MSGTXT *CHAR 1024
DCL &User *CHAR 10
DCL VAR(&JOBTYPE) TYPE(*CHAR) LEN(1)
/* You can use RTVJOBA USER(&User) command in the EP of QIBM_QCA_CHG_COMMAND, */
/* and do what you want, such as block a specific user from running this command. */
RTVJOBA USER(&USER) TYPE(&JOBTYPE)
IF COND(&USER *EQ 'TOSH') THEN(DO)
SNDPGMMSG MSG('Command not allowed for user:' *BCAT &User) TOPGMQ(*EXT) +
MSGTYPE(*RQS)
RCVMSG PGMQ(*EXT) MSGTYPE(*RQS) RMV(*NO)
if COND(&JOBTYPE *EQ '0') THEN(DO) /* 0 is batch */
CHGVAR VAR(&RPLCMD) VALUE('CHGJOB JOB(*)')
CHGVAR VAR(&LENRPLCMD) VALUE(14)
ENDDO
ELSE CMD(DO)
ENDRQS
ENDDO
ENDDO
ENDPGM The above CL was compiled as program BLKCRTLIB.
To block CRTLIB command for user Tosh, add this Exit Point
ADDEXITPGM EXITPNT(QIBM_QCA_CHG_COMMAND) FORMAT(CHGC0100) PGMNBR(*HIGH)
PGM(BIMBRA/BLKCRTLIB) PGMDTA(*JOB *CALC 'CRTLIB QSYS ')
From an interactive session for user TOSH, if an attempt is made to use command CRTLIB then it will be blocked.
crtlib
2300 - RTVJOBA USER(&USER) TYPE(&JOBTYPE)
2500 - SNDPGMMSG MSG('Command not allowed for user: TOSH') TOPGMQ(*EXT)
MSGTYPE(*RQS)
2700 - RCVMSG PGMQ(*EXT) MSGTYPE(*RQS) RMV(*NO)
Command not allowed for user: TOSH
2706 - ENDRQS
Last request at level 4 ended. Here user TOSH runs a batch job to use command CRTLIB.
SBMJOB CMD(CRTLIB LIB(MYTEST)) LOG(4 00 *SECLVL) LOGCLPGM(*YES)The outcome is still the same, CRTLIB will be 'blocked'.
CRTLIB is replaced by CHGJOB JOB(*) command which has no effect in the job.
*NONE Request 07/30/21 13:31:12.498526 QWTSCSBJ *N QCMD QSYS 0195
Message . . . . : -CRTLIB LIB(MYTEST)
*NONE Command 07/30/21 13:31:12.499261 QCADRV QSYS 041C BLKCRTLIB BIMBRA *STMT
To module . . . . . . . . . : BLKCRTLIB
To procedure . . . . . . . : BLKCRTLIB
Statement . . . . . . . . . : 2300
Message . . . . : 2300 - RTVJOBA USER(&USER) TYPE(&JOBTYPE)
*NONE Command 07/30/21 13:31:12.499443 QCADRV QSYS 041C BLKCRTLIB BIMBRA *STMT
To module . . . . . . . . . : BLKCRTLIB
To procedure . . . . . . . : BLKCRTLIB
Statement . . . . . . . . . : 2500
Message . . . . : 2500 - SNDPGMMSG MSG('Command not allowed for user:
TOSH') TOPGMQ(*EXT) MSGTYPE(*RQS)
*NONE Command 07/30/21 13:31:12.499553 QCADRV QSYS 041C BLKCRTLIB BIMBRA *STMT
To module . . . . . . . . . : BLKCRTLIB
To procedure . . . . . . . : BLKCRTLIB
Statement . . . . . . . . . : 2700
Message . . . . : 2700 - RCVMSG PGMQ(*EXT) MSGTYPE(*RQS) RMV(*NO)
*NONE Request 07/30/21 13:31:12.500180 BLKCRTLIB BIMBRA *STMT BLKCRTLIB BIMBRA *STMT
From module . . . . . . . . : BLKCRTLIB
From procedure . . . . . . : BLKCRTLIB
Statement . . . . . . . . . : 2500
To module . . . . . . . . . : BLKCRTLIB
To procedure . . . . . . . : BLKCRTLIB
Statement . . . . . . . . . : 2700
Message . . . . : -Command not allowed for user: TOSH
*NONE Command 07/30/21 13:31:12.500275 QCLRTNE QSYS 0058 BLKCRTLIB BIMBRA *STMT
To module . . . . . . . . . : BLKCRTLIB
To procedure . . . . . . . : BLKCRTLIB
Statement . . . . . . . . . : 3000
Message . . . . : - RETURN /* RETURN due to end of CL program
*/
*NONE Command 07/30/21 13:31:12.500417 QCADRV2 QSYS 04C7 QCMD QSYS 01C8
Message . . . . : CHGJOB JOB(*)
CPF1164 Completion 00 07/30/21 13:31:12.501217 QWTMCEOJ QSYS 0161 *EXT *N
Message . . . . : Job 021641/TOSH/QDFTJOBD ended on 07/30/21 at 13:31:12;
.005 seconds used; end code 0 .Document Location
Worldwide
Was this topic helpful?
Document Information
More support for:
IBM i
Component:
Programming ILE Languages
Software version:
All Version(s)
Operating system(s):
IBM i
Document number:
6208026
Modified date:
30 July 2021
UID
ibm16208026