ADOPT Authority

20 pts.
Tags:
Application development
AS/400
CLP
DataCenter
Hi I have a CL program in which there is command on which I do not have authority to execute. So I am not able to compile the program. Is there any way some one else, who has the authoruty on that command compile it and then I can execute the program? I have heard about something about ADOPT authority wherein whenever an object is called by another user who has not created the object, the system grants authority of the creator to the user - basically meaning that user of the object adopts the authority of the creator for the moment and then when the use is compelete, the authority of the user comes again to the normal level to which he has been set.

Answer Wiki

Thanks. We'll let you know when a new response is added.

Hi!
You can try the following approach.

CHGPGM PGM(XXX)
USRPRF(*OWNER)
USEADPAUT(*YES)

Where XXX is the OWNER of the object who has authority to execute that command.

==========================================================

Try a simple version like the following:<pre>
pgm

dcl &cmd *char 128 value( ‘?sndmsg’ )

call qcmdchk ( &cmd 128 )
sndjrne jrn( QAUDJRN ) type( JC ) entdta( &CMD )
call qcmdexc ( &cmd 128 )

return

endpgm</pre>
Compile with:<pre>
CRTBNDCL PGM( mylib/TSTPMTCL )
SRCFILE( mylib/QCLSRC )
SRCMBR( TSTPMTCL )
DFTACTGRP( *NO )
ACTGRP( *NEW )
USRPRF( *OWNER )
LOG( *YES )
DBGVIEW( *ALL )</pre>
The example uses a SNDMSG command. If you used it, you might replace SNDMSG with CRTCLMOD or CRTBNDCL to compile your programs.

The program will prompt the command that you put in the value for &cmd and let you fill in the parms. It will then log the command in QAUDJRN in a U/JC entry. (Use any two characters that you like. I used JC just because it might mean “journaled command”.) Then it executes the command with whatever parms were filled in by you.

You might want to increase the size of &cmd from 128. And you might want to add error checking too.

Because CRTBNDCL uses USRPRF(*OWNER) when it’s compiled, the program will use the authority of its owner whenever you don’t have sufficient authority — it will ‘adopt’ authority if it’s needed. Note that USEADPAUT() has no reason to be there.

When the program is created, edit the program object authority to change your authority to *USE. Then change the program ownership to some other profile that has authority to commands from which you are excluded. Don’t revoke your authority when ownership is changed.

You will then have the authority to use the program, but you will no longer own it. The owner will have authority to use commands that you don’t have authority to. The program will adopt owner authority when you need it. And it will create an audit trail of the command that you executed under the enhanced authority.

Pretty simple if you look at it, but it contains the basics of everything you need.

Tom

Discuss This Question:  

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following