How do you restrict editing by ADTS utilities SEU, RLU, MRGSRC, EDTSRC and SDA using registered Exit Point QIBM_QSU_ALW_EDIT?
To provide an exit point for the IBM i Registration Facility, allowing a system administrator to control whether source files can be changed using the following Application Development Toolset (ADTS) utilities:
- Source Entry Utility (SEU), option 2 only
- Report Layout Utility (RLU)
- Merge Source (MRGSRC)
- Edit Source (EDTSRC)
- Screen Design Aid (SDA), option 1 and 2.
The exit point QIBM_QSU_ALW_EDIT is generated and registered by SEU. If the exit point is enabled by the system administrator, and the exit program indicates that the editing is not allowed, the utilities listed above will immediately exit, and thence, will not allow changing the source member.
The exit program will be passed parameters including the library, file and member that the utility would be modifying. The exit program can use the information about the source member, with other information available through system commands and APIs about the job, user profile, date, time and so on, to determine whether to allow the editing utility to continue.
The parameters passed to the exit program are
|Number||Name||Type||Length||Input or output|
Set the "Allow" parameter to a value of '2' to disallow the editing. Set the "Allow" parameter to any other value to allow the editing.
Note: Only one exit program can be enabled for the QIBM_QSU_ALW_EDIT exit point.
Examples for the usage of this new enhancement
- To restrict some or all users from updating source members via the ADTS utilities at any time or during an RTCi or RTCp build.
- To restrict some or all users from updating source members via the ADTS utilities when the user is otherwise authorized to change the *FILE object.
- To provide a way to restrict some or all users from updating particular source libraries/files/members via the ADTS utilities.
System Administrator Tasks
- Use SEU at least once to cause SEU to register the exit point on the system. (This can be done by any user.)
- Code the exit program to work with the four parameters listed above.
- The first three input-only parameters identify the library, file and member, and be used for filtering purposes.
- The fourth output parameter is used to control whether the editing function is allowed or not. Set the parameter to '2' to disallow the editing function, and set it to any other value to allow the editing function to continue.
- The exit program should issue a diagnostic message to the joblog if the editing function is disallowed. The ADTS utilities will not provide any indication in the joblog that the command failed due to the exit program disallowing the function.
4. Use the WRKREGINF command to remove the exit point later, if it is no longer needed.
Alternatively, change the exit program to always allow the editing function to continue.
Exit Program Sample
The sample program attached below disallows all editing using the ADTS utilities with the following exceptions:
- The system administrator SMITHJ is allow to use the utilities.
- Any member in source file QGPL/QCLSRC may be edited.
All source code and/or binaries attached to this document are referred to here as "the Program". IBM is not providing program services of any kind for the Program. IBM is providing the Program on an "AS IS" basis without warranty of any kind. IBM WILL NOT BE LIABLE FOR ANY ACTUAL, DIRECT, SPECIAL, INCIDENTAL, OR INDIRECT DAMAGES OR FOR ANY ECONOMIC CONSEQUENTIAL DAMAGES (INCLUDING LOST PROFITS OR SAVINGS), EVEN IF IBM, OR ITS RESELLER, HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.