Troubleshooting
Problem
This program lists all private authorities for a user profile for the applicable releases; see release information above.
Resolving The Problem
Introduction
A tool was created to list private authorities for a user profile. This becomes essential when message CPD373D is issued when attempting to save user profiles. Rochester Support Center knowledgebase document New, Working a CPD373D Problem: User Profile Too Large to Save, describes the problem and provides general information regarding how to resolve the problem. To link to document New immediately, click here .
This tool is available as a command on a new menu provided by the following SAVEFILE PTF for the given release:
V5R2M0 - SE06946
V5R3M0 - SE16633
V5R4M0 - SE24152
V6R1M0 - SE32507
V7R1M0 - SE45610
V7R2M0- Available on website below
The tool can also be downloaded from the following site:
http://public.dhe.ibm.com/services/us/igsc/qsptlib/
A savefile PTF is not a real PTF. It is a SAVLIB of the QSPTLIB library in a savefile format. To install the savefile PTF, you would do a RSTLIB of QSPTLIB from the save file. You cannot do a LODPTF or APYPTF of a savefile PTF.
Restore command for V6R1:
RSTLIB SAVLIB(QSPTLIB) DEV(*SAVF) SAVF(QGPL/QSE32507)
For other releases, replace the save file name (QGPL/Qxxxxxxx) with the PTF number for that release. xxxxxxx = PTF number.
The Support tools menu (SPTMNU) now has an Option 7. Security tools menu (SCTMNU) which provides the following options:
This new menu can also be entered using the command GO SCTMNU.
Option 2 of the menu provides the tool using the command Retrieve private authorities (RTVPRVAUT) which looks similar to the following:
User profile name . . . . . . . name
Object authorities output file QOBJPRVAUT QPRVAUTFL, name
Library . . . . . . . . . . . *CURLIB *CURLIB, name
Member . . . . . . . . . . . . *FIRST *FIRST, name
Replace or add records . . . . *ADD *ADD, *REPLACE
Integrated File System authorities output file . . QIFSPRVAUT QIFSPRVFL, name
Library . . . . . . . . . . . *CURLIB Name, *CURLIB
Member . . . . . . . . . . . . *FIRST *FIRST, name
Replace or add records . . . . *ADD *ADD, *REPLACE
Delete user spaces . . . . . . . *YES *YES, *NO, *YES, *NO
Press F11 to enable the parameter names to be displayed:
User profile name . . . . . . . USRPRF
Object authorities output file TOFILEA QOBJPRVAUT
Library . . . . . . . . . . . *CURLIB
Member . . . . . . . . . . . . OUTMBRA *FIRST
Replace or add records . . . . MBROPTA *ADD
Integrated File System authorities output file . . TOFILEB QIFSPRVAUT
Library . . . . . . . . . . . *CURLIB
Member . . . . . . . . . . . . OUTMBRB *FIRST
Replace or add records . . . . MBROPTB *ADD
Delete user spaces . . . . . . . DLTSURSPC *YES
The User profile name field must receive a value. All other fields can remain the default value.
When the command is run, a file specified by the parameter TOFILEA will be created to contain information for library type objects for which the named profile has private authority. Similarly, a file specified by the parameter TOFILEB will be created to contain information for Integrated File System type objects for which the named profile has private authority. One or more user spaces will be created in the same libraries. The user space objects will be deleted prior to completion if the DLTUSRSPC parameter is set to *YES.
Running the Tool
The command can be run interactively or submitted as a batch job. The command can be entered via the command RTVPRVAUT as described above. If the named profile has a large number of owned objects, the program can run for hours. Consequently, running the program in batch mode is recommended. The tool does not get a lock on the user profile being processed.
Library objects:
The tool calls API QSYLOBJA repeatedly, with format OBJA0300, to obtain a list of all library objects (libraries and objects in libraries) which the specified user:
If there are too many such objects for QSYLOBJA to pass back in one user space object, QSYLOBJA is called again as many times as is necessary. Each call to QSYLOBJA is preceded by the creation of a user space having a name of the form US0300nnnn, where nnnn starts with 0001 for the first user space and is incremented as necessary. The tool also creates a physical file based on the OBJA0300PF template file which is a member in source file QSPTSRC in library QSPTLIB. This file will be named and reside in a library as specified by the TOFILEA parameter. All the fields from the OBJA0300 format are in each record of the OBJA300PF file.
Among the various library objects which can be reported are document objects that will be reported as *DOC type objects in library QDOC. The object name reported is the *SYSOBJNAM, rather than the document name in the folder the document resides in. The following command can be used to identify the folder name and document name:
DSPDLONAM DLO(*SYSOBJNAM) SYSOBJNAM(LBZP402412)
The object name from the output file is used as SYSOBJNAM.
Integrated File System objects:
The tool calls API QSYLOBJA repeatedly with format OBJA0310 to obtain a list of all Integrated File System objects which the specified user:
If there are too many such objects for QSYLOBJA to pass back in one user space object, QSYLOBJA is called again as many times as is needed. Each call to QSYLOBJA is preceded by the creation of a user space having a name of the form US0310nnnn, where nnnn starts with 0001 for the first user space and is incremented as necessary. The tool also creates a physical file based on the OBJA0310PF template file which is a member in source file QSPTSRC in library QSPTLIB. This file will be named and reside in a library as specified by the TOFILEB parameter. All the fields from the OBJA0310 format are in each record of the OBJA300PF file.
The L1OWNRSHP field in the OBJA0300PF file and the L2OWNRSHP field in the OBJA0310PF file indicates whether the user owns the object or is the primary group for the object. If the user owns the object, this field is Y. If the user is the primary group for the object, this field is G. Otherwise, this field is N indicating private authority. Only records with a L1OWNRSHP/L2OWNRSHP value of N will be included in the output files.
One of the pass-back fields of the OBJA0310 format is the full path name of the directory object. The maximum length of a path name on the system is 16 megabytes. It is impractical, and most likely unnecessary, to create a physical database file capable of storing path names of such length. Therefore, the RPGLE program and the OBJA0310PF DDS are being released with a length of 120 characters for that field. RPGLE_0031 checks each path name passed back via the user space object. RPGLE_0031 stores in the OBJA0310PF physical file record up to 120 characters of each full path name. If a path name is longer than 120 characters, a path truncated flag is set to signal that the path was truncated. RPGLE_0031 also saves the additional information that enables another program to access the full path name directly from the user space objects, assuming the user had specified a DLTFLG value of N when invoking the tool. The fields of interest here are the following:
The truncation flag is set to Y if the path name stored in the physical file was truncated; otherwise, the flag is set to N.
If any path name found had to be truncated, the tool will send a message similar to the following when the job completes:
Maximum path length = 0000000288
This message is displayed on the screen if the tool was run interactively, and it is also shown in the joblog. If the tool was run from a batch job, the maximum length message will be in the job log as the last message above the CPF1164 Job ended message. As indicated, the message provides the maximum path length found by the tool.
Using the Physical Files Created by the Tool
After a set of physical files have been created by the tool, create a query to view the information from the physical files. No queries are provided with the library containing the tool. It is possible to create a program that uses the physical files as input and grants a different user the same private authorities to certain objects as are currently held by the user for which the tool was used.
Related Tool
Rochester Support Center document Tool to List All Objects Owned by User uses the same API and generates a list of the same objects. To link to document New immediately, click here:
A tool was created to list private authorities for a user profile. This becomes essential when message CPD373D is issued when attempting to save user profiles. Rochester Support Center knowledgebase document New, Working a CPD373D Problem: User Profile Too Large to Save, describes the problem and provides general information regarding how to resolve the problem. To link to document New immediately, click here .
| Caution: This tool is provided on an as is basis and is not supported by IBM. |
Method 1(Preferred):
The QSPTLIB can be obtained by using Option 22 from the GO MG menu on the QMGTOOLS library. For information on how to download QMGTOOLS, please refer to dcf # N1011297 or in the following link:
http://www.ibm.com/support/docview.wss?uid=nas8N1011297
http://www.ibm.com/support/docview.wss?uid=nas8N1011297
Method 2:
This tool is available as a command on a new menu provided by the following SAVEFILE PTF for the given release:
V5R2M0 - SE06946
V5R3M0 - SE16633
V5R4M0 - SE24152
V6R1M0 - SE32507
V7R1M0 - SE45610
V7R2M0- Available on website below
V7R3M0- Available via QMGTOOLS
V7R4M0- Available via QMGTOOLS
The tool can also be downloaded from the following site:
http://public.dhe.ibm.com/services/us/igsc/qsptlib/
A savefile PTF is not a real PTF. It is a SAVLIB of the QSPTLIB library in a savefile format. To install the savefile PTF, you would do a RSTLIB of QSPTLIB from the save file. You cannot do a LODPTF or APYPTF of a savefile PTF.
Restore command for V6R1:
RSTLIB SAVLIB(QSPTLIB) DEV(*SAVF) SAVF(QGPL/QSE32507)
For other releases, replace the save file name (QGPL/Qxxxxxxx) with the PTF number for that release. xxxxxxx = PTF number.
The Support tools menu (SPTMNU) now has an Option 7. Security tools menu (SCTMNU) which provides the following options:
| o | Retrieve owned object list for a user. |
| o | Retrieve private authorities for a user. |
Option 2 of the menu provides the tool using the command Retrieve private authorities (RTVPRVAUT) which looks similar to the following:
User profile name . . . . . . . name
Object authorities output file QOBJPRVAUT QPRVAUTFL, name
Library . . . . . . . . . . . *CURLIB *CURLIB, name
Member . . . . . . . . . . . . *FIRST *FIRST, name
Replace or add records . . . . *ADD *ADD, *REPLACE
Integrated File System authorities output file . . QIFSPRVAUT QIFSPRVFL, name
Library . . . . . . . . . . . *CURLIB Name, *CURLIB
Member . . . . . . . . . . . . *FIRST *FIRST, name
Replace or add records . . . . *ADD *ADD, *REPLACE
Delete user spaces . . . . . . . *YES *YES, *NO, *YES, *NO
Press F11 to enable the parameter names to be displayed:
User profile name . . . . . . . USRPRF
Object authorities output file TOFILEA QOBJPRVAUT
Library . . . . . . . . . . . *CURLIB
Member . . . . . . . . . . . . OUTMBRA *FIRST
Replace or add records . . . . MBROPTA *ADD
Integrated File System authorities output file . . TOFILEB QIFSPRVAUT
Library . . . . . . . . . . . *CURLIB
Member . . . . . . . . . . . . OUTMBRB *FIRST
Replace or add records . . . . MBROPTB *ADD
Delete user spaces . . . . . . . DLTSURSPC *YES
The User profile name field must receive a value. All other fields can remain the default value.
When the command is run, a file specified by the parameter TOFILEA will be created to contain information for library type objects for which the named profile has private authority. Similarly, a file specified by the parameter TOFILEB will be created to contain information for Integrated File System type objects for which the named profile has private authority. One or more user spaces will be created in the same libraries. The user space objects will be deleted prior to completion if the DLTUSRSPC parameter is set to *YES.
Running the Tool
The command can be run interactively or submitted as a batch job. The command can be entered via the command RTVPRVAUT as described above. If the named profile has a large number of owned objects, the program can run for hours. Consequently, running the program in batch mode is recommended. The tool does not get a lock on the user profile being processed.
Library objects:
The tool calls API QSYLOBJA repeatedly, with format OBJA0300, to obtain a list of all library objects (libraries and objects in libraries) which the specified user:
| o | Owns |
| o | Is authorized to |
| o | Is the primary group |
Among the various library objects which can be reported are document objects that will be reported as *DOC type objects in library QDOC. The object name reported is the *SYSOBJNAM, rather than the document name in the folder the document resides in. The following command can be used to identify the folder name and document name:
DSPDLONAM DLO(*SYSOBJNAM) SYSOBJNAM(LBZP402412)
The object name from the output file is used as SYSOBJNAM.
Integrated File System objects:
The tool calls API QSYLOBJA repeatedly with format OBJA0310 to obtain a list of all Integrated File System objects which the specified user:
| o | Owns |
| o | Is authorized to |
| o | Is the primary group |
The L1OWNRSHP field in the OBJA0300PF file and the L2OWNRSHP field in the OBJA0310PF file indicates whether the user owns the object or is the primary group for the object. If the user owns the object, this field is Y. If the user is the primary group for the object, this field is G. Otherwise, this field is N indicating private authority. Only records with a L1OWNRSHP/L2OWNRSHP value of N will be included in the output files.
One of the pass-back fields of the OBJA0310 format is the full path name of the directory object. The maximum length of a path name on the system is 16 megabytes. It is impractical, and most likely unnecessary, to create a physical database file capable of storing path names of such length. Therefore, the RPGLE program and the OBJA0310PF DDS are being released with a length of 120 characters for that field. RPGLE_0031 checks each path name passed back via the user space object. RPGLE_0031 stores in the OBJA0310PF physical file record up to 120 characters of each full path name. If a path name is longer than 120 characters, a path truncated flag is set to signal that the path was truncated. RPGLE_0031 also saves the additional information that enables another program to access the full path name directly from the user space objects, assuming the user had specified a DLTFLG value of N when invoking the tool. The fields of interest here are the following:
| L2US | 10A | TEXT('NAME OF USRSPC') |
| L2USLIB | 10A | TEXT('NAME OF USRSPC LIBRARY') |
| L2OFST | 9B 0 | TEXT('OFFSET IN USER SPACE') |
| L2OFSTPATH | 9B 0 | TEXT('OFFSET TO PATH NAME') |
| L2PATH | 120A | TEXT('PATH NAME') |
| L2TRNCFLAG | 1A | TEXT('TRUNCATION FLAG') |
The truncation flag is set to Y if the path name stored in the physical file was truncated; otherwise, the flag is set to N.
If any path name found had to be truncated, the tool will send a message similar to the following when the job completes:
Maximum path length = 0000000288
This message is displayed on the screen if the tool was run interactively, and it is also shown in the joblog. If the tool was run from a batch job, the maximum length message will be in the job log as the last message above the CPF1164 Job ended message. As indicated, the message provides the maximum path length found by the tool.
Using the Physical Files Created by the Tool
After a set of physical files have been created by the tool, create a query to view the information from the physical files. No queries are provided with the library containing the tool. It is possible to create a program that uses the physical files as input and grants a different user the same private authorities to certain objects as are currently held by the user for which the tool was used.
Related Tool
Rochester Support Center document Tool to List All Objects Owned by User uses the same API and generates a list of the same objects. To link to document New immediately, click here:
The difference between the two tools is that the other tool does not include any of the authority related fields in the output physical file.
Additional Tools
There is a CHGAUTALL tool that can be very useful in changing private authorities of Integrated File System objects. This tool is described in Rochester Support Center document Integrated File System Tools: DEL, DELTREE, ATTRIB, CHGAUTALL, CHGOWNALL, QRYIFSLIB, DLTIFSF, RNMIFSF. To link to document immediately, click here.
Additional Tools
There is a CHGAUTALL tool that can be very useful in changing private authorities of Integrated File System objects. This tool is described in Rochester Support Center document Integrated File System Tools: DEL, DELTREE, ATTRIB, CHGAUTALL, CHGOWNALL, QRYIFSLIB, DLTIFSF, RNMIFSF. To link to document immediately, click here.
[{"Type":"MASTER","Line of Business":{"code":"LOB57","label":"Power"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG60","label":"IBM i"},"Platform":[{"code":"PF012","label":"IBM i"}],"Version":"7.1.0"}]
Historical Number
333818685
Was this topic helpful?
Document Information
Modified date:
15 September 2020
UID
nas8N1019215