21
Sat, Dec
3 New Articles

The API Corner: Providing Access to an Application Function

APIs
Typography
  • Smaller Small Medium Big Bigger
  • Default Helvetica Segoe Georgia Times

All you need is the User Function Registration APIs.

 

Last month, in "Accessing a Command Line," we looked at how the Retrieve User Information (QSYRUSRI) API could be used to control access to a specific function with an application program. The function we were controlling was access to a command line window, displayed using the Display Command Line Window (QUSCMDLN) API, by way of command key 9. The application determined whether or not command key 9 should be enabled, based on the user class (USRCLS) attribute of the user profile currently running the application program. In this article, we will look at a more flexible approach to managing user access to an application program function. For demonstration purposes, the application function being managed will continue to be the ability to access a command line window (using QUSCMDLN).

 

Back in V4R3, IBM provided a set of APIs referred to as the User Function Registration APIs. These APIs allow you to manage the registration of, and the access by users to, user-defined application functions. This function might be, as we'll be using today, access to a command-line window from an application. These registered functions might also be the ability for a user to run (or even see) particular update functions within a program, use a command key from an inquiry program to access a full social security number (as opposed to only the last four digits with the first five digits masked as XXX-XX), and the like.

 

Note that these APIs are not a replacement for your securing of resources such as database files, programs, etc. Users who are not allowed to use a particular application function due to the user function registration APIs can still perform the function through other interfaces. For instance, disabling an update function within program ABC, using the APIs we will be discussing, does not prevent a user from using SQL or DFU to accomplish the update (assuming in this case that the user is authorized to the underlying table/file).

 

The first step in using the User Function Registration APIs is to determine what application function you want to control and then registering that function. As we have already determined which function we wish to control—access to the command line window—we will turn next to registering the function. The registration of a user function can be accomplished by either calling the program QSYRGFN or the procedure export QsyRegisterFunction of service program QSYRGFN1. In our example programs, we'll be using the procedure QsyRegisterFunction.

 

There are several key decisions that you must make when registering a new user function, with the first being the name of the function. User function names, referred to in the API documentation as Function IDs, can be up to 30 bytes in length, and the scope of the name is system-wide. Due to function names/IDs being system-wide, IBM provides naming recommendations so as to minimize the potential of your names conflicting with third-party function names that are perhaps registered on your system—and, of course, IBM-provided function names. The recommendation is to start the function name with your company name, followed by an underscore, and then text describing the function being controlled. IBM, for instance, uses function names such as QIBM_ACCESS_ALLOBJ_JOBLOG and QIBM_SERVICE_TRACE. To see the user functions currently registered on your system, you can use the command WRKFCNUSG FCNID(*ALL). System i Navigator also allows you to see the user functions that are on your system.

 

If your company has several development groups, you may also want to further qualify user function names. IBM, for instance, uses the naming convention QIBM_Qccc_Descriptive_Text, where Qccc represents different development teams (components) within the operating system. Using this further qualification avoids one team, such as security (component SY), from inadvertently choosing the same descriptive name as work control (component WC).

 

Other key decisions involve what default usage (allow vs. disallow) should be used if a given user is not explicitly defined for the function, whether users with the special authority *ALLOBJ should be implicitly allowed access to the function, etc.  In a future article, we'll look at some of these other decisions in greater detail. For now, we'll simply assume that we want to register a function named BVS_CMD_LINE_WINDOW (where BVS represents "my" company name of Bruce Vining Services) and that, by default, non-*ALLOBJ users should be denied access to the function.

 

Prior to actually registering our function, we need to register the product within which the function exists. We will name our product BVS_APPLICATIONS and register this product with the following program.

 

h DftActGrp(*no)                                                      

                                                                     

dCrtFcn           pr                  extproc('QsyRegisterFunction') 

d FcnID                         30    const                          

d FcnControls                 4096    const options(*varsize)        

d QUSEC                               likeds(QUSEC)                  

                                                                     

dPrdControls      ds                  qualified                       

d NbrOfCtls                     10i 0 inz(1)                         

d LenKey2Len                    10i 0 inz(16)                        

d Key2                          10i 0 inz(2)                         

d LenKey2Dta                    10i 0 inz(1)                         

d Key2Dta                        1a   inz('1')                       

d                                3a                                  

                                                                     

 /copy qsysinc/qrpglesrc,qusec                                       

                                                      

 /free                                                

                                                      

  QUSBPrv = 0;                                         

  CrtFcn('BVS_APPLICATIONS' :PrdControls :QUSEC);     

                                                      

  *inlr = *on;                                        

  return;                                              

                                                      

 /end-free                                            

 

Assuming that the previous program source is stored in member REGPRD (for Register Product) of QRPGLESRC, we can compile the program with CRTBNDRPG REGPRD and then run the program with CALL REGPRD. As with the discussion of other registration decisions, we'll look at the details of this (and the following program) in a subsequent article. For now, we'll just get our command line function registered and see how it can be used by the DSPHI application we developed last month.

 

The following program will register our initial product function to be controlled: BVS_CMD_LINE_WINDOW.

 

h DftActGrp(*no)                                                      

                                                                     

dCrtFcn           pr                  extproc('QsyRegisterFunction') 

d FcnID                         30    const                          

d FcnControls                 4096    const options(*varsize)        

d QUSEC                               likeds(QUSEC)                  

                                                                     

dFcnControls      ds                  qualified                      

d NbrOfCtls                     10i 0 inz(3)                         

d LenKey3Len                    10i 0 inz(44)                        

d Key3                          10i 0 inz(3)                         

d LenKey3Dta                    10i 0 inz(30)                         

d Key3Dta                       30a   inz('BVS_APPLICATIONS')        

d                                2a                                  

d LenKey6Len                    10i 0 inz(144)                       

d Key6                          10i 0 inz(6)                         

d LenKey6dta                    10i 0 inz(132)                       

d Key6Dta                      132a   inz('Provide command line -    

d                                     window access')                 

d LenKey11Len                   10i 0 inz(16)                        

d Key11                         10i 0 inz(11)                        

d LenKey11Dta                   10i 0 inz(1)                         

d Key11Dta                       1a   inz('1')                       

d                                3a                                  

                                                                     

 /copy qsysinc/qrpglesrc,qusec                                       

                                                                      

 /free                                                               

                                                                     

  QUSBPrv = 0;                                                        

  CrtFcn('BVS_CMD_LINE_WINDOW' :FcnControls :QUSEC);                 

                                                                     

  *inlr = *on;                                                       

  return;         

                   

 /end-free        

 

Assuming that the above program source is stored in member REGCMDLN (for Register Command Line) of QRPGLESRC, you can compile the program with CRTBNDRPG REGCMDLN and then run the program with CALL REGCMDLN. If you now use the Work with Function Usage command, WRKFCNUSG FCNID(*ALL), you should see that function BVS_CMD_LINE_WINDOW is registered with your system. Taking option 5 (Display usage) from the Work with User Function display panel of WRKFCNUSG, you will see that there are no users currently registered with the BVS_CMD_LINE_WINDOW function. While there is an API to add users to a User Function (which we will use in a future article), for now we'll use the Change Function Usage (CHGFCNUSG) command to add a user to BVS_CMD_LINE_WINDOW.

 

The following command will allow user profile VINING access to our registered function.

 

CHGFCNUSG FCNID(BVS_CMD_LINE_WINDOW) USER(VINING) USAGE(*ALLOWED) 

 

Note that you should change the user name VINING in the previous command to a profile name (such as your own) that exists on your system. The profile name must exist at the time you run the command.

 

Having given VINING access to the command line window function, now let's see what needs to be changed in our DSPHI program to use the User Function  Registration APIs—rather than the user class of VINING—in order to allow (or disallow) access to the command line window. Shown below, in bold, are the changes needed to last month's program.

 

h DftActGrp(*no)                                                     

                                                                    

fHI        cf   e             workstn                               

                                                                    

dChkUsr           pr                  extproc('-                    

d                                     QsyCheckUserFunctionUsage')   

d Usage                          1                                  

d Function                      30    const                         

d UsrPrf                        10    const                         

d QUSEC                               likeds(QUSEC)                 

                                                                    

dUseCmdLine       pr                  extpgm('QUSCMDLN')            

                                                                    

dUsage            s              1a                                 

                                                                    

 /copy qsysinc/qrpglesrc,qusec                                      

                                                                

 /free                                                          

                                                                

  QUSBPrv = 0;                                                  

  ChkUsr(Usage :'BVS_CMD_LINE_WINDOW' :'*CURRENT' :QUSEC);      

  *in39 = (Usage = '2');                                        

                                                                

  exfmt HiThere;                                                

  dow (not *in03);                                              

      if *in09;                                                 

         UseCmdLine();                                           

      endif;                                                    

      exfmt HiThere;                                            

  enddo;                                                        

                                                                 

  *inlr = *on;                                                  

  return;                                                       

               

 /end-free     

 

By compiling the changed DSPHI program shown above, signing on as the user previously registered to the BVS_CMD_LINE_WINDOW function, and calling DSPHI, you should see that command key 9 is enabled. By signing off, signing back on as a user not registered to BVS_CMD_LINE_WINDOW and without the *ALLOBJ special authority, and calling DSPHI, you should see that command key 9 is no longer available. By signing off, signing back on as a user with the special authority *ALLOBJ and not registered to BVS_CMD_LINE_WINDOW, and calling DSPHI, you should see that this user does have access to command key 9.

 

Prior to closing this article, and assuming that you don't want BVS_APPLICATIONS to continue being registered on your system, you can remove the registered function (and product) using the following program.

 

h DftActGrp(*no)                                                      

                                                                     

dDltFcn           pr                  extproc('QsyDeregisterFunction')

d FcnID                         30    const                          

d QUSEC                               likeds(QUSEC)                  

                                                                     

 /copy qsysinc/qrpglesrc,qusec                                       

                                                                      

 /free                                                               

                                                                     

  QUSBPrv = 0;                                                       

  DltFcn('BVS_CMD_LINE_WINDOW' :QUSEC);                              

  DltFcn('BVS_APPLICATIONS' :QUSEC);                                 

                                                                     

  *inlr = *on;                                                        

  return;                                                            

               

 /end-free     

 

Assuming that the previous program source is stored in member DREGPRD (for Deregister Product) of QRPGLESRC, you can compile the program with CRTBNDRPG DREGPRD and then run the program with CALL DREGPRD.

 

As mentioned earlier, next month we'll look at more of the details behind the above programs. In future articles, we'll also look at some of the benefits you can pick up by utilizing the User Function Registration APIs within your applications—for instance, that the usage information associated with a user is saved and restored with the user profile when using commands such as SAVSECDTA, RSTUSRPRF, and RSTAUT. 

 

As usual, if you have any API questions, send them to me at This email address is being protected from spambots. You need JavaScript enabled to view it.. I'll see what I can do about answering your burning questions in future columns.

 

 

BLOG COMMENTS POWERED BY DISQUS

LATEST COMMENTS

Support MC Press Online

$

Book Reviews

Resource Center

  • SB Profound WC 5536 Have you been wondering about Node.js? Our free Node.js Webinar Series takes you from total beginner to creating a fully-functional IBM i Node.js business application. You can find Part 1 here. In Part 2 of our free Node.js Webinar Series, Brian May teaches you the different tooling options available for writing code, debugging, and using Git for version control. Brian will briefly discuss the different tools available, and demonstrate his preferred setup for Node development on IBM i or any platform. Attend this webinar to learn:

  • SB Profound WP 5539More than ever, there is a demand for IT to deliver innovation. Your IBM i has been an essential part of your business operations for years. However, your organization may struggle to maintain the current system and implement new projects. The thousands of customers we've worked with and surveyed state that expectations regarding the digital footprint and vision of the company are not aligned with the current IT environment.

  • SB HelpSystems ROBOT Generic IBM announced the E1080 servers using the latest Power10 processor in September 2021. The most powerful processor from IBM to date, Power10 is designed to handle the demands of doing business in today’s high-tech atmosphere, including running cloud applications, supporting big data, and managing AI workloads. But what does Power10 mean for your data center? In this recorded webinar, IBMers Dan Sundt and Dylan Boday join IBM Power Champion Tom Huntington for a discussion on why Power10 technology is the right strategic investment if you run IBM i, AIX, or Linux. In this action-packed hour, Tom will share trends from the IBM i and AIX user communities while Dan and Dylan dive into the tech specs for key hardware, including:

  • Magic MarkTRY the one package that solves all your document design and printing challenges on all your platforms. Produce bar code labels, electronic forms, ad hoc reports, and RFID tags – without programming! MarkMagic is the only document design and print solution that combines report writing, WYSIWYG label and forms design, and conditional printing in one integrated product. Make sure your data survives when catastrophe hits. Request your trial now!  Request Now.

  • SB HelpSystems ROBOT GenericForms of ransomware has been around for over 30 years, and with more and more organizations suffering attacks each year, it continues to endure. What has made ransomware such a durable threat and what is the best way to combat it? In order to prevent ransomware, organizations must first understand how it works.

  • SB HelpSystems ROBOT GenericIT security is a top priority for businesses around the world, but most IBM i pros don’t know where to begin—and most cybersecurity experts don’t know IBM i. In this session, Robin Tatam explores the business impact of lax IBM i security, the top vulnerabilities putting IBM i at risk, and the steps you can take to protect your organization. If you’re looking to avoid unexpected downtime or corrupted data, you don’t want to miss this session.

  • SB HelpSystems ROBOT GenericCan you trust all of your users all of the time? A typical end user receives 16 malicious emails each month, but only 17 percent of these phishing campaigns are reported to IT. Once an attack is underway, most organizations won’t discover the breach until six months later. A staggering amount of damage can occur in that time. Despite these risks, 93 percent of organizations are leaving their IBM i systems vulnerable to cybercrime. In this on-demand webinar, IBM i security experts Robin Tatam and Sandi Moore will reveal:

  • FORTRA Disaster protection is vital to every business. Yet, it often consists of patched together procedures that are prone to error. From automatic backups to data encryption to media management, Robot automates the routine (yet often complex) tasks of iSeries backup and recovery, saving you time and money and making the process safer and more reliable. Automate your backups with the Robot Backup and Recovery Solution. Key features include:

  • FORTRAManaging messages on your IBM i can be more than a full-time job if you have to do it manually. Messages need a response and resources must be monitored—often over multiple systems and across platforms. How can you be sure you won’t miss important system events? Automate your message center with the Robot Message Management Solution. Key features include:

  • FORTRAThe thought of printing, distributing, and storing iSeries reports manually may reduce you to tears. Paper and labor costs associated with report generation can spiral out of control. Mountains of paper threaten to swamp your files. Robot automates report bursting, distribution, bundling, and archiving, and offers secure, selective online report viewing. Manage your reports with the Robot Report Management Solution. Key features include:

  • FORTRAFor over 30 years, Robot has been a leader in systems management for IBM i. With batch job creation and scheduling at its core, the Robot Job Scheduling Solution reduces the opportunity for human error and helps you maintain service levels, automating even the biggest, most complex runbooks. Manage your job schedule with the Robot Job Scheduling Solution. Key features include:

  • LANSA Business users want new applications now. Market and regulatory pressures require faster application updates and delivery into production. Your IBM i developers may be approaching retirement, and you see no sure way to fill their positions with experienced developers. In addition, you may be caught between maintaining your existing applications and the uncertainty of moving to something new.

  • LANSAWhen it comes to creating your business applications, there are hundreds of coding platforms and programming languages to choose from. These options range from very complex traditional programming languages to Low-Code platforms where sometimes no traditional coding experience is needed. Download our whitepaper, The Power of Writing Code in a Low-Code Solution, and:

  • LANSASupply Chain is becoming increasingly complex and unpredictable. From raw materials for manufacturing to food supply chains, the journey from source to production to delivery to consumers is marred with inefficiencies, manual processes, shortages, recalls, counterfeits, and scandals. In this webinar, we discuss how:

  • The MC Resource Centers bring you the widest selection of white papers, trial software, and on-demand webcasts for you to choose from. >> Review the list of White Papers, Trial Software or On-Demand Webcast at the MC Press Resource Center. >> Add the items to yru Cart and complet he checkout process and submit

  • Profound Logic Have you been wondering about Node.js? Our free Node.js Webinar Series takes you from total beginner to creating a fully-functional IBM i Node.js business application.

  • SB Profound WC 5536Join us for this hour-long webcast that will explore:

  • Fortra IT managers hoping to find new IBM i talent are discovering that the pool of experienced RPG programmers and operators or administrators with intimate knowledge of the operating system and the applications that run on it is small. This begs the question: How will you manage the platform that supports such a big part of your business? This guide offers strategies and software suggestions to help you plan IT staffing and resources and smooth the transition after your AS/400 talent retires. Read on to learn: