Powertech Command Security for IBM i
August 2022
Version 1.16
August 9, 2022
Fixes
-
Fixed an issue where, in rare instances, jobs could halt when a monitored command was executed in them.
-
Fixed the “Processing command failure” error on the WRKMBRPDM command. This error occurs if the STRSEU command is configured as a monitored command.
January 2021
Version 1.15
January 28, 2021
- An issue causing unsuccessful attempts to run the PCSJRNRPT command has been resolved.
- Several help text errors have been corrected.
- An issue related to accessibility of the STRSQL command has been resolved.
- An issue causing PCS journal reports to print without the proper starting data has been resolved.
- An issue causing a failure to send email messages under some conditions has been resolved.
- An issue causing DLYJOB to fail to honor a delay value greater than 99999 has been corrected.
- A process to repair damaged objects is no longer missing PCSITS.
- Attempting to insert commands into Command Security from library QBRM could result in many errors displayed at the UI, followed by a data dump. This is caused by temporarily applied BRMS PTFs. The issue has been partly rectified. Error messages continue to appear at the bottom of the screen, but the process now ends normally and the errors can be ignored.
March 2019
Version 1.14
New Features
- Two new operators are now provided that further restrict the Condition comparison to the beginning or end of a value. The STARTSWITH operator checks if one value begins with another value. The ENDSWITH operator checks if one value ends with another value (while ignoring trailing blanks).
- A new action now allows you to send messages to the joblog during the execution of a Monitored Command. The *LOGMSG action allows you to send messages that usually will appear to the user of the Monitored Command since they are sent to the caller of the command. This is particularly useful when you reject a command's execution due to Conditions you have implemented.
- A new group of Rules is now available that will run before the defined Rules for every Monitored Command. These are called Global Rules. Instead of adding the same Rule to many Monitored Commands, Global Rules can be used to apply rules to (or remove those Rules from) all Monitored Commands quickly.
Enhancements
- You can now refer to Replaceable Variables in the "Compare to" value for Conditions. This allows you to test, for example, the value of one keyword to another keyword's value.
- The software has been enhanced to provide two new Data Sources that deliver the name (*CMDNAM) and library (*CMDLIB) of the command actually run by the user or compiled into a program. This command can differ from the Monitored Command whose rules are in effect when a proxy command is used.
- The PCS Journal Report has been enhanced to provide more robust selection criteria. The following new or enhanced selection criteria are now available:
- Whether the Monitored Command was allowed or rejected.
- Up to 50 user profiles can be specified for inclusion in the report. Each can be a generic name.
- An authorization list can be specified, instead of a list of user profiles, to be included in the report.
- Up to 50 user profiles can be specified for exclusion from the report. Each can be a generic name.
- An authorization list can be specified, instead of a list of user profiles, to be excluded from the report.
- The job name, job user, command name, and command library selection criteria have all been enhanced to support generic search terms.
- When selecting commands to monitor, the command finder list now supports a generic filter for the command name, as well as expanded library selections like *LIBL, *USRLIBL, and *ALLUSR. Additionally, F13 has been added to allow you to repeat a list option all the way to the end of the list. This allows you to select a wider range of commands to monitor more quickly than you could before.
- Conditions have been enhanced to allow comparisons to be performed using only the library or object name portion of a qualified keyword value. The *OBJLIB(<keyword>) and *OBJNAM(<keyword>) Data Sources treat any keyword's value as a qualified object name, and each extracts the desired part of the keyword's value for comparison.
- Sometimes a command can never be changed at run-time by Command Security due to limits imposed by the Operating System. When creating or changing Actions for one of these Monitored Commands, a yellow phrase now appears on the panel indicating that the command string cannot be overridden at run-time. Additionally, those actions that modify the string will not be allowed to be selected from the finder nor specified manually.
Fixes
- A defect affecting the MEMBEROF Operator from working as documented has been corrected.
- References within Command Security to "Powertech Network Security" have been updated to reflect this product's new name "Powertech Exit Point Manager".
- A defect affecting the ONEOF operator has been corrected. Specifically, it was not recognizing the last value contained within the "Compare to" entry.
- The *MSG and *QUEUEMSG actions have been changed to execute synchronously in the job that executes a Monitored Command rather than being submitted to the Deferred Action Queue for asynchronous processing. This means that the *MSG and *QUEUEMSG actions will no longer cause the PCSDAQMON Deferred Action Queue Monitor job to be started automatically during a monitored command's execution.
August 2018
Version 1.13
New Features
- A new command, PCSMONSTS, has been created to allow certain resources to be disabled and enabled. The Deferred Action Queue monitor job can be disabled. Once disabled, the PCSDAQMON job will not be allowed to start by any means, thus preventing the PTWRKMGT subsystem from being started automatically. During the time the Deferred Action Monitor is disabled, deferred Actions will be enqueued but will not be executed until the Deferred Action Monitor is started.
- Two new reports have been developed that display the list of Monitored Commands that make use of each Named Condition or Named Action. These reports are accessible from the Work with Named Condition and Work with Named Action panels, or via the PCSPRTCNDU (Print Named Condition Usage) and PCSPRTACTU (Print Named Action Usage) commands.
- A new view has been added to the Work with Monitored Commands list that shows the number of times each Monitored Command has been used in a short, recent time period (today, yesterday, or last 24 hours).
- Three new commands have been added to support automated creation and deletion of Monitored Commands, PCSCPYCMD, PCSNEWCMD, and PCSDLTCMD.
- Command security now notices damage to the PCS Deferred Action Monitor data queue (PCSDAQ) and repairs it automatically.
Enhancements
- Options have been added to the Work with Monitored Commands, Work with Named Conditions, and Work with Named Actions list displays to allow a selected item and its rules to be printed. Each of the list displays also now supports F17 to print the complete listing of items. The Work with Monitored Commands display has been further enhanced with the ability to invoke the PCS Journal Report (PCSJRNRPT) for a specific Monitored Command.
- The name of the program that executed a Monitored Command is now printed on the PCS Journal Report.
- Each rule printed on the Monitored Command listing, the Named Conditions listing, and the Named Actions listings will now include the status (*ACTIVE or *INACTIVE) for that rule.
- All reports run from Command Security panels are now submitted to batch using the job description on the administrator's user profile. On the Reports Menu, you have the option to run them immediately or in batch.
- For all "Compare to" values, any value that begins with an asterisk will be allowed. If the "Compare to" value does not begin with an asterisk, it must match the data type of the command keyword (date, time, integer, etc). This allows the user to enter a wide range of special values while still providing a reasonable chance of picking a value that might work.
- When selecting commands to monitor, the command finder list now supports a generic filter for the command name, as well as expanded library selections like *LIBL, *USRLIBL, and *ALLUSR. Additionally, F13 has been added to allow you to repeat a list option all the way to the end of the list. This allows you to select a wider range of commands to monitor more quickly than you could before.
- Sometimes a command can never be changed at run-time by Command Security due to limits imposed by the Operating System. When creating or changing Actions for one of these Monitored Commands, a yellow phrase now appears on the panel indicating that the command string cannot be overridden at run-time. Additionally, those actions that modify the string will not be allowed to be selected from the finder nor specified manually.
Fixes
- The PCSJRNRPT (Journal Report) command has been repaired so that administrators with no special authority can run the report as long as the administrator's user profile is a member of the PTADMIN authorization list.
- Occasionally the PCS Journal Report would report that an action failed, but it would not print the message text associated with the error. This has been corrected so that the PCS Journal Report will print the correct message text for future errors. This does not correct Action failures logged in the past.
-
Monitoring certain commands used by IBM screens sometimes caused the &CMDNAM variable to return odd values, for example, "X:". This was most common when monitoring DLTUSRPRF and deleting a profile from WRKUSRPRF. The &CMDNAM variable content has been corrected.
- When determining the calling program for a Monitored Command, HelpSystems' own exit point programs are now omitted from consideration as the calling program. This includes GSCC0100 for the SBMJOB command.
- Certain commands with qualified parameters, where one part of the parameter is a constant value, caused Command Security to disallow that keyword for selection in a Condition's Data Source. This has been repaired so that the keyword for any parameter that contains any displayable data will be available for selection.
March 2018
Version 1.12
-
Corrections have been made to the PCSJRNRPT (PCS Journal Report) command:
- The PCS Journal Report has been enhanced to output the program name that invoked a Monitored Command.
- An instance was corrected whereby the PCS Journal Report output contained incorrect data associated with a Monitored Command when run.
- The report generated from command PCSPRTCMDS (Print Monitored Commands) has been changed to include the status of each rule associated with a Monitored Command.
- Three new command objects (PCSCPYCMD, PCSDLTCMD, and PCSNEWCMD) have been added to Command Security to aid with the management of Monitored Commands in batch environments.
August 2017
Version 1.11
-
A problem causing an internal locking mechanism to fail to perform an unlock, resulting in the failure of a monitored command, has been resolved. (The associated job where the command was being executed from displayed a consistent status of SEMW.)
April 2017
Version 1.10
- A loophole where the internal semaphore unlock failed to occur has been closed.
- The initial sentence of the help text for the PCSJRNRPT command, which incorrectly referenced a Command Security setting, has been corrected.
- F5 (Refresh) for PCS2880 no longer causes an error when the list it displays contains no entries.
- PCS2880 no longer displays the incorrect text when the list is empty. (Previously the copyright message would appear in this case. Now the correct message, that no data exists, is displayed.)
July 2016
Version 1.09
- Command Security is now delivered with new deployment functionality, including the ability to stage the product installation.
- Failure to prompt and subsequently execute a monitored command due to a duplicate command name in different library has been resolved.
- Panel PCS3231’s screen legend for “Ignore text case” has been changed to more accurately reflect the nature of the parameter.
- A new utility program, PCS9990, has been added to the product. This program can be used if one of the system semaphores used by Command Security becomes “stuck” and is adversely affecting product functionality.
December 2015
Version 1.08
- The handling of proxy commands has been modified in order to work with new IBM PTFs.
- The F9=Retrieve function now works for monitored commands.
- The Remove Keyword function (*RMVKWD) no longer overwrites the previous keyword in some cases.
- Licensing updates.
July 2014
Version 1.07
- The installation procedure has been modified to retain existing special authorities for PTADMIN.
- The validation on keyword type NAME has been changed to allow special values (values that start with *).
April 2014
Version 1.06
- Network Security displays the appropriate descriptions when creating a condition with Data Source *JOBTYPE.
- Command Security now finds any program in your call stack when a condition has been created to check for one.
- Rules employing the MSG Action no longer send incorrect messages when conditions are met.
- Object validation now allows 10-character library names.
August 2013
Version 1.04
- Added system information to report headings
Version 1.05
- Fix update lock when product fails with “Objects are locked in PTCSLIB”.
- Correct problem when Journal Report fails with “Message ID not found”
- New Data Sources for Condition checking (*ACGCDE, *JOBUSER, *LMTCPB, *SPCAUT, *USRCLS, *USRPGM)
- New Action (*QUEUEMSG) which sends a message to a message queue
May 2013
Version 1.03
- Correctly handle MEMBEROF condition when multiple values are entered.