Reduce the number of *ALLOBJ users

One concern I frequently hear in my classes is administrators reluctantly having to grant "low" level users excessive authority to handle some of the more simple and mundane tasks. One such chore is the enabling of profiles. In many cases, help desk staff is given "All Object" authority to handle such requests.

A more practical solution is to give such personnel *Use authority of a simple CL program that "adopts" the required authority to perform the CHGUSRPRF. In such an arrangement, the user only has authority when they call the program. Once the program goes to EOJ, they "lose" the power to change the profile. While an improvement, there is still the issue that the CHGUSRPRF is very powerful command, capable of changing 40+ parameters.

To further restrict the user's capabilities, we employ Selective Command Prompting in the program; in essence we limit the parameters/values they can modify. Of course, programs should be "user friendly" so error message handling is also included. Not bad for less than 20 lines of code.

0001.00  PGM                                                                            
0001.01  /* ************************************************************************* */
0002.00  /*  Program uses selective Command Prompting to display CHGUSRPRF with       */
0003.00  /*  limited Parameters. Additional parameters can be added. Precede the      */
0004.00  /*  Keyword with ?? to display and allow changes.  A "?*" before the         */
0005.00  /*  Keyword will display it but will not allow user to change the value.     */
0006.00  /*                                                                           */
0007.00  /*  The User Profile field is initially filled in with the user's profile.   */
0008.00  /*  Monitor Message's are used to determine if Update was successful.  If    */
0009.00  /*  not, the Profile field is again filled with the User's profile.          */
0010.00  /*                                                                           */
0011.00  /*  After each attempt to Enable/Update a profile, the user is asked if      */
0012.00  /*  they wish to continue updating profiles.                                 */
0013.00  /*                                                                           */
0014.00  /*  Program can be Compiled/Created to adopt authority of a Profile with     */
0015.00  /*  authority to update profiles. Recommend that PGM's Public Authority      */
0016.00  /*  be set to *Exclude and only specific users be granted *Use Authority     */
0017.00  /*  of the Program.  If using Adopted Authority, please read the Help text   */
0017.01  /*  for the Replace parameter of the CRTCLPGM command.                       */
0018.00  /* ************************************************************************* */
0020.00              DCL        VAR(&MSG) TYPE(*CHAR) LEN(80)                           
0021.00              DCL        VAR(&ANSWER) TYPE(*CHAR) LEN(1) VALUE(Y)                
0022.00              DCL        VAR(&PROFILE) TYPE(*CHAR) LEN(10)                       
0023.00              RTVJOBA    USER(&PROFILE)                                          
0021.00              DCL        VAR(&ANSWER) TYPE(*CHAR) LEN(1) VALUE(Y)                
0022.00              DCL        VAR(&PROFILE) TYPE(*CHAR) LEN(10)                       
0023.00              RTVJOBA    USER(&PROFILE)                                          
0025.00 DOAGAIN:    CHGUSRPRF ??USRPRF(&PROFILE) ?*STATUS(*ENABLED)                     
0026.00             MONMSG     MSGID(CPF0000) +                                         
0027.00               EXEC(DO)                                                          
0028.00                   CHGVAR VAR(&MSG) VALUE('Error - Last profile NOT Updated. +   
0029.00                          Do you wish to continue (Y or N)?      ')              
0030.00                    RTVJOBA  USER(&PROFILE) /* Put a valid profile in field */   
0031.00                    GOTO CMDLBL(SNDMSG)                                          
0032.00               ENDDO                                                             
0034.00 GOODUPDATE:  CHGVAR VAR(&MSG) VALUE('Profile was Successfully Updated. +        
0035.00                     Do you wish to continue (Y or N)?      ')                   
0037.10                        MSGTYPE(*INQ) TOMSGQ(*EXT)  MSGRPY(&ANSWER) +
0038.00                         TRNTBL(QSYSTRNTBL)  
0041.00 TESTANS:    IF COND(&ANSWER = 'Y') THEN(GOTO CMDLBL(DOAGAIN))                    
0043.00 EXITOUT:    RETURN                                                               
0044.00 ENDPGM                                                                           


This was first published in June 2003

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.