IBM Support

Tool to List Private Authorities

Troubleshooting


Problem

This program lists all private authorities for a user profile for the applicable releases; see release information above.

Resolving The Problem

Introduction

A tool was created to list private authorities for a user profile. This becomes essential when message CPD373D is issued during an attempt to save user profiles. Rochester Support Center knowledgebase document New, Working a CPD373D Problem: User Profile Too Large to Save, describes the problem and provides general information on how to resolve it.
 
Caution: This tool is provided on an as-is basis and is not supported by IBM.

Method 1 (Preferred):
QSPTLIB can be obtained by using Option 22 from the GO MG menu in the QMGTOOLS library. For information on how to download QMGTOOLS, refer to document N1011297 at the following link:

http://www.ibm.com/support/docview.wss?uid=nas8N1011297
 
Method 2:

This tool is available as a command on a new menu provided by the following SAVEFILE PTF for the given release:

V5R2M0 - SE06946
V5R3M0 - SE16633
V5R4M0 - SE24152
V6R1M0 - SE32507
V7R1M0 - SE45610
V7R2M0 - Available on website below
V7R3M0 - Available via QMGTOOLS
V7R4M0 - Available via QMGTOOLS

The tool can also be downloaded from the following site:

http://public.dhe.ibm.com/services/us/igsc/qsptlib/

A savefile PTF is not a real PTF. It is a SAVLIB of the QSPTLIB library in a savefile format. To install the savefile PTF, you would do a RSTLIB of QSPTLIB from the save file. You cannot do a LODPTF or APYPTF of a savefile PTF.


Restore command for V6R1:  

RSTLIB SAVLIB(QSPTLIB) DEV(*SAVF) SAVF(QGPL/QSE32507)  

For other releases, replace the save file name (QGPL/Qxxxxxxx) with the PTF number for that release. xxxxxxx = PTF number.

The Support tools menu (SPTMNU) now has Option 7, Security tools menu (SCTMNU), which provides the following options:
o Retrieve owned object list for a user.
o Retrieve private authorities for a user.
This new menu can also be entered using the command GO SCTMNU.

Option 2 of the menu provides the tool using the command Retrieve private authorities (RTVPRVAUT) which looks similar to the following:

User profile name  . . . . . . .                 name                  
Object authorities output file     QOBJPRVAUT    QPRVAUTFL, name      
  Library  . . . . . . . . . . .     *CURLIB     *CURLIB, name        
  Member . . . . . . . . . . . .   *FIRST        *FIRST, name          
  Replace or add records . . . .   *ADD          *ADD, *REPLACE        
Integrated File System authorities output file  . .   QIFSPRVAUT    QIFSPRVFL, name      
  Library  . . . . . . . . . . .     *CURLIB     Name, *CURLIB        
  Member . . . . . . . . . . . .   *FIRST        *FIRST, name          
  Replace or add records . . . .   *ADD          *ADD, *REPLACE        
Delete user spaces . . . . . . .   *YES          *YES, *NO
                                           
Press F11 to enable the parameter names to be displayed:

User profile name  . . . . . . . USRPRF                        
Object authorities output file   TOFILEA        QOBJPRVAUT      
  Library  . . . . . . . . . . .                  *CURLIB      
  Member . . . . . . . . . . . . OUTMBRA        *FIRST          
  Replace or add records . . . . MBROPTA        *ADD            
Integrated File System authorities output file  . . TOFILEB        QIFSPRVAUT      
  Library  . . . . . . . . . . .                  *CURLIB      
  Member . . . . . . . . . . . . OUTMBRB        *FIRST          
  Replace or add records . . . . MBROPTB        *ADD            
Delete user spaces . . . . . . . DLTSURSPC      *YES                                      

The User profile name field must receive a value. All other fields can remain the default value.

When the command is run, a file specified by the parameter TOFILEA will be created to contain information for library type objects for which the named profile has private authority. Similarly, a file specified by the parameter TOFILEB will be created to contain information for Integrated File System type objects for which the named profile has private authority. One or more user spaces will be created in the same libraries. The user space objects will be deleted prior to completion if the DLTUSRSPC parameter is set to *YES.

Running the Tool

The command can be run interactively or submitted as a batch job. Enter it with the RTVPRVAUT command as described above. If the named profile has a large number of owned objects, the program can run for hours. Consequently, running the program in batch mode is recommended. The tool does not get a lock on the user profile being processed.

Library objects:
The tool calls API QSYLOBJA repeatedly, with format OBJA0300, to obtain a list of all library objects (libraries and objects in libraries) which the specified user:
o Owns
o Is authorized to
o Is the primary group
If there are too many such objects for QSYLOBJA to pass back in one user space object, QSYLOBJA is called again as many times as is necessary. Each call to QSYLOBJA is preceded by the creation of a user space having a name of the form US0300nnnn, where nnnn starts with 0001 for the first user space and is incremented as necessary. The tool also creates a physical file based on the OBJA0300PF template file, which is a member in source file QSPTSRC in library QSPTLIB. This file will be named and reside in a library as specified by the TOFILEA parameter. All the fields from the OBJA0300 format are in each record of the OBJA0300PF file.

Among the various library objects which can be reported are document objects that will be reported as *DOC type objects in library QDOC. The object name reported is the *SYSOBJNAM, rather than the document name in the folder the document resides in. The following command can be used to identify the folder name and document name:

DSPDLONAM DLO(*SYSOBJNAM) SYSOBJNAM(LBZP402412)

The object name from the output file is used as SYSOBJNAM.

Integrated File System objects:
The tool calls API QSYLOBJA repeatedly with format OBJA0310 to obtain a list of all Integrated File System objects which the specified user:
o Owns
o Is authorized to
o Is the primary group
If there are too many such objects for QSYLOBJA to pass back in one user space object, QSYLOBJA is called again as many times as is needed. Each call to QSYLOBJA is preceded by the creation of a user space having a name of the form US0310nnnn, where nnnn starts with 0001 for the first user space and is incremented as necessary. The tool also creates a physical file based on the OBJA0310PF template file, which is a member in source file QSPTSRC in library QSPTLIB. This file will be named and reside in a library as specified by the TOFILEB parameter. All the fields from the OBJA0310 format are in each record of the OBJA0310PF file.

The L1OWNRSHP field in the OBJA0300PF file and the L2OWNRSHP field in the OBJA0310PF file indicate whether the user owns the object or is the primary group for the object. If the user owns the object, this field is Y. If the user is the primary group for the object, this field is G. Otherwise, this field is N, indicating private authority. Only records with a L1OWNRSHP/L2OWNRSHP value of N will be included in the output files.

One of the pass-back fields of the OBJA0310 format is the full path name of the directory object. The maximum length of a path name on the system is 16 megabytes. It is impractical, and most likely unnecessary, to create a physical database file capable of storing path names of such length. Therefore, the RPGLE program and the OBJA0310PF DDS are being released with a length of 120 characters for that field. RPGLE_0031 checks each path name passed back via the user space object. RPGLE_0031 stores in the OBJA0310PF physical file record up to 120 characters of each full path name. If a path name is longer than 120 characters, a path truncated flag is set to signal that the path was truncated. RPGLE_0031 also saves the additional information that enables another program to access the full path name directly from the user space objects, assuming the user had specified a DLTFLG value of N when invoking the tool. The fields of interest here are the following:
 
L2US 10A TEXT('NAME OF USRSPC')
L2USLIB 10A TEXT('NAME OF USRSPC LIBRARY')
L2OFST 9B 0 TEXT('OFFSET IN USER SPACE')
L2OFSTPATH 9B 0 TEXT('OFFSET TO PATH NAME')
L2PATH 120A TEXT('PATH NAME')
L2TRNCFLAG 1A TEXT('TRUNCATION FLAG')

The truncation flag is set to Y if the path name stored in the physical file was truncated; otherwise, the flag is set to N.

If any path name found had to be truncated, the tool will send a message similar to the following when the job completes:

Maximum path length = 0000000288

This message is displayed on the screen if the tool was run interactively, and it is also shown in the joblog. If the tool was run from a batch job, the maximum length message will be in the job log as the last message above the CPF1164 Job ended message. As indicated, the message provides the maximum path length found by the tool.

Using the Physical Files Created by the Tool

After a set of physical files have been created by the tool, create a query to view the information from the physical files. No queries are provided with the library containing the tool. It is possible to create a program that uses the physical files as input and grants a different user the same private authorities to certain objects as are currently held by the user for which the tool was used.
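As an added example (not part of the IBM tool, which ships no queries), the following Db2 for i SQL reviews the Integrated File System output file using only the L2 fields listed earlier. It assumes RTVPRVAUT was run with the default TOFILEB file name QIFSPRVAUT in a library called MYLIB, which is a placeholder, and that stored path names begin with '/'.

```sql
-- Added example: review queries over the IFS private-authority output file.
-- Assumptions: MYLIB is a placeholder library; QIFSPRVAUT is the default
-- TOFILEB file name; path names in L2PATH start with '/'.

-- 1. Size of the problem: total private-authority records for the profile,
--    and how many path names were cut at the 120-character field length.
SELECT COUNT(*) AS TOTAL_RECORDS,
       SUM(CASE WHEN L2TRNCFLAG = 'Y' THEN 1 ELSE 0 END) AS TRUNCATED_PATHS
  FROM MYLIB.QIFSPRVAUT;

-- 2. Truncated entries, with the locator fields that let a follow-up
--    program read the full path name from the user space object.
--    These locators are only usable if the user spaces were not deleted.
SELECT L2USLIB,      -- library of the user space
       L2US,         -- user space name (US0310nnnn)
       L2OFST,       -- offset of the entry in the user space
       L2OFSTPATH,   -- offset to the path name
       L2PATH        -- first 120 characters of the path
  FROM MYLIB.QIFSPRVAUT
 WHERE L2TRNCFLAG = 'Y'
 ORDER BY L2USLIB, L2US, L2OFST;

-- 3. Where the private authorities are concentrated: count records by
--    first-level directory, largest first. Truncation does not affect
--    this grouping because only the start of the path is used.
WITH DIRS AS (
  SELECT CASE WHEN LOCATE('/', L2PATH, 2) > 0
              THEN SUBSTR(L2PATH, 1, LOCATE('/', L2PATH, 2) - 1)
              ELSE RTRIM(L2PATH)
         END AS TOP_DIR
    FROM MYLIB.QIFSPRVAUT
)
SELECT TOP_DIR, COUNT(*) AS PRIVATE_AUTHORITIES
  FROM DIRS
 GROUP BY TOP_DIR
 ORDER BY PRIVATE_AUTHORITIES DESC;
```

The third query points to the directory trees that contribute most to the size of the profile, which are the natural candidates for cleanup when working a CPD373D problem.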

Related Tool

Rochester Support Center document Tool to List All Objects Owned by User uses the same API and generates a list of the same objects. The difference between the two tools is that the other tool does not include any of the authority related fields in the output physical file.

Additional Tools

There is a CHGAUTALL tool that can be very useful in changing private authorities of Integrated File System objects. This tool is described in Rochester Support Center document Integrated File System Tools: DEL, DELTREE, ATTRIB, CHGAUTALL, CHGOWNALL, QRYIFSLIB, DLTIFSF, RNMIFSF.

Historical Number

333818685

Document Information

Modified date:
15 September 2020

UID

nas8N1019215