Tuesday, November 07, 2023

2006-01-09 How do you check whether a user has certain special authorities? (Command CHKSPCAUT with API QSYCUSRS)



QSYCUSRS -- Check User Special Authorities (QSYCUSRS) API

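This API checks the special authorities held by the combination of the individual user profile and its group profiles.

The CHKSPCAUT command checks whether a user has the specified special authorities. If the user does not, the command signals error message ID CPFB304, so monitoring for that message ID in a CLP tells you the user lacks the specified special authorities.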


For details, see:
http://publib.boulder.ibm.com/iseries/v5r2/ic2924/index.htm?info/apis/QSYCUSRS.htm


File  : QCLSRC
Member: CHKSPCAUTC
Type  : CLP
Usage : CRTCLPGM CHKSPCAUTC


PGM  (&USER &SPCAUT)

/*--------------------------------------------------------*/
/*  declaration                                           */
/*--------------------------------------------------------*/
             dcl        &user      *char   10
             dcl        &spcaut    *char   82
             dcl        &autind    *char    1

             dcl        &auts      *char   80
             dcl        &autsno    *char    4
             dcl        &calllvl   *char    4    X'00000000'
             dcl        &errcde    *char    8    X'0000000000000000'

             dcl        &spcautnoc *char   2
             dcl        &spcautno  *dec    10
             dcl        &spcautlen *dec    10
/*--------------------------------------------------------*/
/*  error message variables                               */
/*--------------------------------------------------------*/
            dcl        &error     *lgl                   /* std err */
            dcl        &msgid     *char    7             /* std err */
            dcl        &msgkey    *char    4             /* std err */
            dcl        &msgdta    *char  100             /* std err */
            dcl        &msgf      *char   10             /* std err */
            dcl        &msgflib   *char   10             /* std err */
            dcl        &msgtyp    *char   10  '*DIAG'    /* std err */
            dcl        &msgtypctr *char    4 X'00000001' /* std err */
            dcl        &pgmmsgq   *char   10  '*'        /* std err */
            dcl        &stkctr    *char    4 X'00000001' /* std err */
            dcl        &errbytes  *char    4 X'00000000' /* std err */

            monmsg     msgid(cpf0000) exec(goto error)

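/* &spcaut is a list parameter: a 2-byte binary count of      */
/* values, followed by one CHAR(10) element per value entered */
            chgvar     &spcautnoc %sst(&spcaut 1 2)
            chgvar     &spcautno %bin(&spcautnoc)
            chgvar     &spcautlen  (&spcautno * 10)
            chgvar     %bin(&autsno) &spcautno
            chgvar     &auts %sst(&spcaut 3 &Spcautlen)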

            if (%sst(&spcaut 3 10) *EQ '*ALL      ') do
               chgvar &auts ('*ALLOBJ   +
                              *AUDIT    +
                              *IOSYSCFG +
                              *JOBCTL   +
                              *SAVSYS   +
                              *SECADM   +
                              *SERVICE  +
                              *SPLCTL   ')
            chgvar     %bin(&autsno) 8
            enddo

/*--------------------------------------------------------*/
/*  Check authority                                       */
/*--------------------------------------------------------*/
             call       QSYCUSRS   parm(&autind       +
                                        &user         +
                                        &auts         +
                                        &autsno       +
                                        &calllvl      +
                                        &errcde)

    /* RETURN &AUTIND                                               */
    /*  Y  The user has the specified special authorities.          */
    /*  N  The user does not have the specified special authorities.*/

                 if         (&autind = 'Y')     goto end
                 sndpgmmsg  msgid(cpfb304)      +
                              msgf(qcpfmsg)     +
                              msgtype(*escape)

/*--------------------------------------------------------*/
/*  error routine:                                        */
/*--------------------------------------------------------*/
 error:
             if         &error     (goto errordone)
               else      chgvar       &error  '1'
          /*----------------------------------------------*/
          /*  move all *DIAG message to *PRV program queue*/
          /*----------------------------------------------*/
             call       QMHMOVPM   (&msgkey      +
                                    &msgtyp      +
                                    &msgtypctr   +
                                    &pgmmsgq     +
                                    &stkctr      +
                                    &errbytes)
          /*----------------------------------------------*/
          /*  resend the last *ESCAPE message             */
          /*----------------------------------------------*/
 errordone:
             call       QMHRSNEM   (&msgkey      +
                                    &errbytes)
             monmsg     cpf0000    exec(do)
               sndpgmmsg  msgid(cpf3cf2) msgf(QCPFMSG) +
                            msgdta('QMHRSNEM') msgtype(*escape)
               monmsg     cpf0000
             enddo
 end:
             endpgm


File  : QCMDSRC
Member: CHKSPCAUT
Type  : CMD
Usage : CRTCMD     CMD(CHKSPCAUT) PGM(CHKSPCAUTC)


/********************************************************************/
/*   Title:      CHKSPCAUT: Check User Special Authority            */
/*                                                                  */
/*   Description - This command performs a special authority check  */
/*                                                                  */
/*   The Create Command command should include the following:       */
/*                                                                  */
/*           CRTCMD     CMD(CHKSPCAUT) PGM(CHKSPCAUTC)              */
/*                                                                  */
/*   Usage in clp:                                                  */
/*           CHKSPCAUT USER(TEST) SPCAUT(*ALL)                      */
/*           MONMSG CPFB304 EXEC(DO)                                */
/*           SNDPGMMSG MSG('USER DON''T HAVE SPECIFIED AUTHORITY')  */
/*           ENDDO                                                  */
/********************************************************************/
      /*------------------------------------------------*/
      /*  Command Definition                            */
      /*------------------------------------------------*/

             CMD        PROMPT('Check user special authority')
             PARM       KWD(USER) TYPE(*SNAME) LEN(10) MIN(1) +
                          PROMPT('User name')
             PARM       KWD(SPCAUT) TYPE(*CHAR) LEN(10) RSTD(*YES) +
                          VALUES(*ALLOBJ *AUDIT *IOSYSCFG *JOBCTL +
                          *SAVSYS *SECADM *SERVICE *SPLCTL) +
                          SPCVAL((*ALL)) MIN(1) MAX(8) EXPR(*YES) +
                          PROMPT('Special authority')
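
The layout that CHKSPCAUTC unpacks from &SPCAUT, modelled in Python as an added example (not part of the original post): a list parameter arrives as a 2-byte binary count followed by one CHAR(10) per value, and storage past the last value is not part of the list. The helper names, the constructed buffers and the cp037 encoding are assumptions.

```python
"""Added model of the SPCAUT list parameter; buffers below are constructed."""
CCSID = "cp037"  # assumption: EBCDIC CCSID 37; the post does not name one
ALL_AUTS = ["*ALLOBJ", "*AUDIT", "*IOSYSCFG", "*JOBCTL",
            "*SAVSYS", "*SECADM", "*SERVICE", "*SPLCTL"]


def pack_list(values, tail=b"\xff" * 80):
    """Hypothetical helper: build the buffer the CPP receives for SPCAUT.

    2-byte big-endian count, then one blank-padded CHAR(10) per value.
    `tail` stands for whatever follows the last value in storage.
    """
    body = b"".join(v.ljust(10).encode(CCSID) for v in values)
    return (len(values).to_bytes(2, "big") + body + tail)[:82]


def decode_spcaut(raw):
    """Return (auts, autsno) as CHKSPCAUTC hands them to QSYCUSRS."""
    if len(raw) < 2:
        raise ValueError("count prefix missing")
    count = int.from_bytes(raw[:2], "big", signed=True)   # %bin(&spcautnoc)
    # MIN(1)/MAX(8) come from the command definition; re-checked here
    # (added in this model) so a bad count cannot drive the slice below.
    if not 1 <= count <= 8 or len(raw) < 2 + count * 10:
        raise ValueError(f"bad element count: {count}")
    # Only count*10 bytes after the prefix belong to the list.
    names = [raw[2 + i * 10:12 + i * 10].decode(CCSID).rstrip()
             for i in range(count)]
    if names[0] == "*ALL":          # same test as %sst(&spcaut 3 10)
        names = list(ALL_AUTS)
    auts = "".join(n.ljust(10) for n in names).ljust(80)  # CHGVAR blank-pads
    return auts, len(names)


if __name__ == "__main__":
    for sample in (["*JOBCTL", "*SPLCTL"], ["*ALL"]):
        auts, autsno = decode_spcaut(pack_list(sample))
        print(sample, "->", autsno, repr(auts.rstrip()))
```
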



File  : QCLSRC
Member: CHKSPCAUTT
Type  : CLP
Usage : CRTCLPGM CHKSPCAUTT
        Suppose there is a user TEST and you want to check which special authorities it has; the following example can be used.


PGM
             CHKSPCAUT  USER(TEST) SPCAUT(*ALL)
             MONMSG CPFB304 EXEC(DO)
             SNDPGMMSG MSG('User TEST didn''t have *all special aut.')
             ENDDO
             CHKSPCAUT  USER(TEST) SPCAUT(*JOBCTL)
             MONMSG CPFB304 EXEC(DO)
             SNDPGMMSG MSG('User TEST didn''t have *JOBCTL spcaut.')
             ENDDO
             CHKSPCAUT  USER(TEST) SPCAUT(*SPLCTL)
             MONMSG CPFB304 EXEC(DO)
             SNDPGMMSG MSG('User TEST didn''t have *SPLCTL spcaut.')
             ENDDO
ENDPGM
                        


