如何判別使用者對某些物件是否有某些權限?(CHKAUT command with API QSYRUSRA)
如何判別使用者對某些物件是否有某些權限?(CHKAUT command with API QSYRUSRA)
此指令執行時, 若使用者對物件沒有指定的權限, 會拋出錯誤訊息 CPF9802,
所以於 CLP中可以執行類似如下指令:
CHKAUT USER(TEST) OBJ(QGPL/QCLSRC) OBJTYPE(*FILE) AUT(*ALL)
monmsg cpf9802 exec(do)
/* 無權限處理程序 */
chgvar &Okay '0'
enddo
File : QCLSRC
Member: CHKAUT
Type : CLP
Usage : CRTCLPGM CHKAUT
/*------------------------------------------------------------------*/
/* Programmers Group & Management Resource Copyright 2000 */
/* */
/* \\\ */
/* ( o o ) */
/*------------------------oOO----(_)----OOo-------------------------*/
/* */
/* System name . . . : Technical Support */
/* Program name . . . : CHKAUT */
/* Text . . . . . . . : Check authority to the Object */
/* */
/* Author . . . . . . : Alexander Nubla */
/* Description . . . : This is the CPP for CHKAUT command. */
/* The program checks to determine what */
/* type of authority the user has over */
/* the specified object. */
/* */
/* ooooO Ooooo */
/* ( ) ( ) */
/*-------------------------( )-------------( )----------------------*/
/* (_) (_) */
/* Updated by Vengoal Chang 2006/09/30 */
/*------------------------------------------------------------------*/
pgm (&user /* Check user */ +
&fullobj /* Object name */ +
&objtype /* Object type */ +
&auts ) /* Authorities */
/*--------------------------------------------------------*/
/* declaration */
/*--------------------------------------------------------*/
dcl &user *char 10
dcl &fullobj *char 20
dcl &objtype *char 7
dcl &auts *char 72
dcl &obj *char 10
dcl &objlib *char 10
dcl &nbr *dec 5 0
dcl &objaut *char 10
dcl &authority *char 10
dcl &autreq *char 70
dcl &okay *char 1
dcl &RcvVar *char 93
dcl &VarLen *char 4 x'0000005D'
dcl &Fmtnam *char 8 USRA0100
dcl &Objtyp *char 10
dcl &ErrDta *char 116
dcl &ErrDta2 *char 116
dcl &bin4 *char 4
dcl &Erravl *dec 15
/*--------------------------------------------------------*/
/* error message variables */
/*--------------------------------------------------------*/
dcl &error *lgl /* std err */
dcl &msgid *char 7 /* std err */
dcl &msgkey *char 4 /* std err */
dcl &msgdta *char 100 /* std err */
dcl &msgf *char 10 /* std err */
dcl &msgflib *char 10 /* std err */
dcl &msgtyp *char 10 '*DIAG' /* std err */
dcl &msgtypctr *char 4 X'00000001' /* std err */
dcl &pgmmsgq *char 10 '*' /* std err */
dcl &stkctr *char 4 X'00000001' /* std err */
dcl &errbytes *char 4 X'00000000' /* std err */
monmsg msgid(cpf0000) exec(goto error)
/*--------------------------------------------------------*/
/* Get the object name & library */
/*--------------------------------------------------------*/
chgvar &Obj %sst(&FullObj 1 10)
chgvar &Objlib %sst(&FullObj 11 10)
if (%sst(&Objlib 1 1) = '*' ) do
rtvobjd obj(&Obj) +
objtype(&objtype) +
rtnlib(&Objlib)
enddo
chkobj obj(&Objlib/&Obj) +
objtype(&objtype)
/*--------------------------------------------------------*/
/* Retrieve user authority to the object */
/*--------------------------------------------------------*/
chgvar &RcvVar ' '
chgvar &Objtyp &objtype
chgvar &ErrDta X'00000074'
call pgm(QSYRUSRA) +
parm(&RcvVar +
&VarLen +
&Fmtnam +
&User +
&FullObj +
&Objtyp +
&ErrDta)
chgvar &bin4 %sst(&ErrDta 5 4)
chgvar &ErrAvl %bin(&bin4)
/*----------------------------------------------*/
/* Error found on the API, send error message */
/*----------------------------------------------*/
if (&ErrAvl > 0) do
chgvar &ErrDta2 %sst(&ErrDta 1 &ErrAvl)
chgvar &Msgid %sst(&ErrDta2 9 7)
chgvar &MsgDta %sst(&ErrDta2 17 100)
if (&Msgid *ne ' ') do
sndpgmmsg msgid(&Msgid) +
msgdta(&MsgDta) +
msgf(QCPFMSG) +
msgtype(*escape)
enddo
enddo
chgvar &ObjAut %sst(&RcvVar 9 10)
/*--------------------------------------------------------*/
/* Get the list of authorities requested */
/*--------------------------------------------------------*/
chgvar &Nbr %bin(&Auts 1 2)
chgvar &Nbr (&Nbr * 10)
chgvar &AutReq %sst(&Auts 3 &Nbr)
/*--------------------------------------------------------*/
/* Check the requested authorities Vs &ObjAut returned */
/*--------------------------------------------------------*/
chkaut:
chgvar &Authority %sst(&AutReq 1 10)
If (&Authority = ' ' ) goto nomore
chgvar &Okay 'Y'
If (&Authority *eq '*ALL' *and +
&Objaut *ne '*ALL') do
chgvar &Okay 'N'
enddo
If (&Authority *eq '*CHANGE' *and +
&Objaut *ne '*ALL' *and +
&Objaut *ne '*CHANGE') do
chgvar &Okay 'N'
enddo
If (&Authority *eq '*USE' *and +
&Objaut *ne '*ALL' *and +
&Objaut *ne '*CHANGE' *and +
&Objaut *ne '*USE') do
chgvar &Okay 'N'
enddo
If (&Authority *eq '*EXCLUDE' *and +
&Objaut *ne '*EXCLUDE' ) do
chgvar &Okay 'N'
enddo
If (&Authority *eq '*OBJOPR') do
chgvar &Okay %sst(&RcvVar 20 1)
enddo
If (&Authority *eq '*OBJMGT') do
chgvar &Okay %sst(&RcvVar 21 1)
enddo
If (&Authority *eq '*OBJEXIST') do
chgvar &Okay %sst(&RcvVar 22 1)
enddo
If (&Authority *eq '*OBJALTER') do
chgvar &Okay %sst(&RcvVar 92 1)
enddo
If (&Authority *eq '*OBJREF') do
chgvar &Okay %sst(&RcvVar 93 1)
enddo
If (&Authority *eq '*READ' ) do
chgvar &Okay %sst(&RcvVar 23 1)
enddo
If (&Authority *eq '*ADD') do
chgvar &Okay %sst(&RcvVar 24 1)
enddo
If (&Authority *eq '*UPDATE') do
chgvar &Okay %sst(&RcvVar 25 1)
enddo
If (&Authority *eq '*DELETE') do
chgvar &Okay %sst(&RcvVar 26 1)
enddo
If (&Authority *eq '*EXECUTE') do
chgvar &Okay %sst(&RcvVar 81 1)
enddo
/*--------------------------------------------------------*/
/* NOT AUTHORIZED! */
/*--------------------------------------------------------*/
If (&Okay *eq 'N' ) do
sndpgmmsg msgid(CPF9802) +
msgf(QCPFMSG) +
msgdta(&Obj || &Objlib || +
%sst(&Objtyp 2 6)) +
msgtype(*escape)
enddo
chgvar &AutReq %sst(&AutReq 11 60)
goto chkaut
nomore:
return
/*--------------------------------------------------------*/
/* error routine: */
/*--------------------------------------------------------*/
error:
if &error (goto errordone)
else chgvar &error '1'
/*----------------------------------------------*/
/* move all *DIAG message to *PRV program queue */
/*----------------------------------------------*/
call QMHMOVPM (&msgkey +
&msgtyp +
&msgtypctr +
&pgmmsgq +
&stkctr +
&errbytes)
/*----------------------------------------------*/
/* resend the last *ESCAPE message */
/*----------------------------------------------*/
errordone:
call QMHRSNEM (&msgkey +
&errbytes)
monmsg cpf0000 exec(do)
sndpgmmsg msgid(cpf3cf2) msgf(QCFPMSG) +
msgdta('QMHRSNEM') msgtype(*escape)
monmsg cpf0000
enddo
end: endpgm
File : QCMDSRC
Member: CHKAUT
Type : CMD
Usage : CRTCMD CMD(yourlib/CHKAUT) PGM(yourlib/CHKAUT)
/*-----------------------------------------------------------------*/
/* Programmers Group & Management Resource Copyright 2000 */
/* */
/* \\\ */
/* ( o o ) */
/*------------------------oOO----(_)----OOo------------------------*/
/* */
/* System name . . . : Technical Support */
/* Command name . . . : CHKAUT */
/* Text . . . . . . . : Check Authority of User */
/* */
/* Author . . . . . . : Alexander Nubla */
/* */
/* ooooO Ooooo */
/* ( ) ( ) */
/*-----------------------( )-------------( )-----------------------*/
/* (_) (_) */
/* */
/* Command parameters: */
/* */
/* ALLOW((*ALL) */
/* */
/* CPP: CHKAUT */
/* */
/*-----------------------------------------------------------------*/
CMD PROMPT('Check Authority')
/* -------------------------------------------- */
/* User id */
/* -------------------------------------------- */
PARM KWD(USER) TYPE(*NAME) LEN(10) +
SPCVAL((*CURRENT)) MIN(1) PROMPT('User')
/* -------------------------------------------- */
/* Object */
/* -------------------------------------------- */
PARM KWD(OBJ) TYPE(QOBJ) MIN(1) PROMPT('Object')
QOBJ: QUAL TYPE(*NAME) LEN(10) EXPR(*YES)
QUAL TYPE(*NAME) LEN(10) DFT(*LIBL) +
SPCVAL((*LIBL)) EXPR(*YES) PROMPT('Library')
/* -------------------------------------------- */
/* Object type */
/* -------------------------------------------- */
PARM KWD(OBJTYPE) TYPE(*NAME) LEN(7) +
SPCVAL((*ALRTBL) (*AUTL) (*BNDDIR) +
(*CFGL) (*CHTFMT) (*CLD) (*CLS) (*CMD) +
(*CNNL) (*COSD) (*CRG) (*CRQD) (*CSI) +
(*CSPMAP) (*CSPTBL) (*CTLD) (*DEVD) +
(*DTAARA) (*DTADCT) (*DTAQ) (*EDTD) +
(*FCT) (*FILE) (*FNTRSC) (*FNTTBL) +
(*FORMDF) (*FTR) (*GSS) (*IPXD) (*JOBD) +
(*JOBQ) (*JRN) (*JRNRCV) (*LIB) (*LIND) +
(*LOCALE) (*MEDDFN) (*MENU) (*MGTCOL) +
(*MODD) (*MODULE) (*MSGF) (*MSGQ) (*M36) +
(*M36CFG) (*NODGRP) (*NODL) (*NTBD) +
(*NWID) (*NWSD) (*OUTQ) (*OVL) (*PAGDFN) +
(*PAGSEG) (*PDG) (*PGM) (*PNLGRP) +
(*PRDDFN) (*PRDLOD) (*PSFCFG) (*QMFORM) +
(*QMQRY) (*QRYDFN) (*RCT) (*SBSD) +
(*SCHIDX) (*SPADCT) (*SQLPKG) (*SQLUDT) +
(*SRVPGM) (*SSND) (*SVRSTG) (*TBL) +
(*USRIDX) (*USRPRF) (*USRQ) (*USRSPC) +
(*VLDL) (*WSCST)) MIN(1) EXPR(*YES) +
PROMPT('Object type')
/* -------------------------------------------- */
/* Object authority */
/* -------------------------------------------- */
PARM KWD(AUT) TYPE(*CHAR) LEN(10) RSTD(*YES) +
VALUES(*OBJALTER *OBJEXIST *OBJMGT +
*OBJOPR *OBJREF *ADD *DELETE *EXECUTE +
*READ *UPDATE) SNGVAL((*ALL) (*CHANGE) +
(*USE) (*EXCLUDE)) MIN(1) MAX(7) +
EXPR(*YES) PROMPT('Authority')
星期二, 11月 07, 2023
2006-09-30 如何判別使用者對某些物件是否有某些權限?(CHKAUT command with API QSYRUSRA)
訂閱:
張貼留言 (Atom)
沒有留言:
張貼留言