CHGMGDSYSA (Change Managed System Attributes)

Note: To use this command, have the 5722-MG1 (Managed System Services for iSeries) licensed program installed.

CHGMGDSYSA Command syntax diagram

 

Purpose

The Change Managed System Attributes (CHGMGDSYSA) command updates the system-wide configuration attributes that are unique to the Managed System Services licensed program.

These attributes enable the user to control which activities are accepted by the managed system and under which user profile the activity is run.

Note: If you change the change control server attributes while the managed system functions are active, end the program (ENDMGDSYS command) and then start the program again (STRMGDSYS command) before the changes take effect.

 

Restrictions

1. The distribution security program, the default user profile, and the remote command security program must exist when the command is processed.
   
2. You must have *ALLOBJ special authority to change the security program, the default user profile, and the remote command security program.

 

Optional Parameters

ACCRCVCRQA

Specifies whether change request activities are to be accepted for processing.

*SAME: The value does not change.

*YES: Change request activities received from remote systems are accepted.

*NO: Change request activities are not accepted.

SECPGM

Specifies the distribution security program to be used. The specified program is run when a request is received to determine which requests are accepted.

*SAME: The value does not change.

*DFT: The default distribution security program is used. This distribution security program allows PTFs and products to be received but not applied or installed on the system. The program does not allow other objects to be manipulated.

*NONE: No distribution security program is specified. All activities are accepted when ACCRCVACT(*YES) is specified. The default user profile is used to process the activity.

The name of the object can be qualified by one of the following library values:

*LIBL: All libraries in the job's library list are searched until the first match is found.

*CURLIB: The current library for the job is searched. If no library is specified as the current library for the job, the QGPL library is used.

library-name: Specify the name of the library to be searched.

program-name: Specify the name of the distribution security program.

DFTUSRPRF

Specify the default user profile used for the change request activity if no distribution security program has been specified. The user profiles QSECOFR, QSPL, QDOC, QDBSHR, QRJE, QSYS, QLPAUTO, QLPINSTALL, QTSTRQS, and QDFTOWN are not valid entries for this parameter.

*SAME: The value does not change.

*NONE: No default user profile is specified for processing activities. A distribution security program must be specified and must indicate the name of the user profile to use if activities are to be processed.

*REQUESTER Activities will be processed using the same user profile that initiated the request at the central site system. If the originating user profile does not exist in this managed system, the activities are not accepted.

user-profile-name: Specify the name of the user profile object to be used.

INACTITV

Specifies the number of minutes jobs should wait to receive a remote command request or a change request activity. If no activity is received during the specified time period, the job processing the activity is ended. A new job is started when a new activity is received.

*SAME: The value does not change.

*NONE: No time-out value is specified.

time-out interval Specify the number of minutes for an inactive job to wait for additional requests. Valid values range from 0 through 999.

SNDINTRSP

Specifies whether intermediate responses are sent to the central site system. Intermediate responses may require activation of a switched communication link.

*SAME: The value does not change.

*YES: Intermediate responses are sent.

*NO: Intermediate responses are not sent.

PFXTOKEN

Specifies the set of tokens which, when found at the beginning of a global name, indicate a standard OS/400 object name can be found in the global name. To use standard OS/400 object names for distribution, a consistent set of tokens must be used on all systems in the network. Token names must be unique to ensure they are not used in global names being added to the distribution catalog. You can enter multiple values for this parameter.

*SAME: The value does not change.

*NONE: No prefix tokens are used. All objects to be changed are identified in the catalog.

prefix-token-value: Specifies a set of tokens which indicate a standard OS/400 name can be found in the global name. The distribution catalog is not used for objects with global names starting with these prefix tokens. One to four tokens may be specified with a total length not to exceed 20 characters. The first token is recommended to be an enterprise ID or network ID.

RMTSECPGM

Specifies the remote command security program to be used. The specified program is run when a request to run a command is received from a central site system. This program determines if the request is accepted and under which user profile it should be run.

*SAME: The value does not change.

*DFT: The default remote command security program is used. This security program allows all commands to be received and run on the system.

The name of the object can be qualified by one of the following library values:

*LIBL: All libraries in the job's library list are searched until the first match is found.

*CURLIB: The current library for the job is searched. If no library is specified as the current library for the job, the QGPL library is used.

library-name: Specify the name of the library to be searched.

program-name: Specify the name of the security program.

MAXDTA

Specifies the limitation in Kbytes for the maximum amount of data that can be returned to the central site system when a remote command request is processed.

*SAME: The value does not change.

*NOMAX: No limitation for the amount of returned data.

number-of-Kbytes Specify the number of Kbytes for the amount of data that can be returned to the central site system when a remote command request is processed. Valid values range from 1 through 99999.

DLTSPLF

Specifies whether the spooled file is deleted after a remote command request is completed.

*SAME: The value does not change.

*YES: The spooled file is deleted.

*NO: The spooled file is not deleted.

*SUCCESS: The spooled file is deleted only when the request completes successfully. The request is successful if no escape messages are received while running the command.

KEY

Specifies the key that is used for encoding or decoding the remote command request. The values must be the same for the system that sends the remote command and for the system that receives the remote command.

*SAME: The value does not change.

*NONE: No encoding or decoding key is used.

key: Specify a 64-byte character string as a character string or hexadecimal string.

Examples for CHGMGDSYSA

Example 1: Configuring the Central Site System

CHGMGDSYSA   ACCRCVACT(*YES)  SECPGM(*NONE)
  DFTUSRPRF(QUSER)  INACTITV(30)
  SNDINTRSP(*YES)  PFXTOKEN(ABCCO AUTOMAP)

This command configures the central site system to support change request activities and run them under the QUSER user profile. Intermediate responses are sent. Global names beginning with ABCCO AUTOMAP are reserved for sending objects using standard OS/400 object names. If a request is not received for 30 minutes, any jobs waiting to process requests are ended.

Example 2: Configuring the Remote Command Function

CHGMGDSYSA   RMTSECPGM(*DFT)  DLTSPLF(*SUCCESS)
  MAXDTA(*NOMAX)  KEY(*NONE)

This command configures the remote command function to use the default remote command security program, deletes spooled files when the request is run successfully, and specifies no limitation for the amount of returned data.

Error messages for CHGMGDSYSA

*ESCAPE Messages

MSS0413

Default user profile &1 not found.

MSS0414

Program &1 in library &2 not found.

MSS0415

Managed system attributes not found or damaged.

MSS0417

Global name prefix token length &1 too long.

MSS0418

*NONE not valid for both DFTUSRPRF and SECPGM.

MSS0419

Global name prefix token &1 not valid.

MSS041A

*ALLOBJ special authority required.