|
Pete, You may want to think about using an exit program on the JDBC/ODBC exit points that can switch profiles. Within the exit program you can switch the client user to whoever you want them to be. Look at the documentation for exit points QIBM_QZDA_SQL1 and QIBM_QZDA_SQL2 for details. These are the JDBC/ODBC exit points. This, I believe, will get you where you want to go but I have a bias toward an exit point solution. Gary Monnier | Senior Software Developer 19426 68th Ave. S Kent, WA 98032 (253) 872-7788 ext. 308 gary.monnier@xxxxxxxxxxxxx www.powertech.com This email message and any attachments are intended only for the use of the intended recipient named above and may contain information that is privileged and confidential. If you are not the intended recipient, any dissemination, distribution, or copying is strictly prohibited. If you received this email message in error, please immediately notify the sender by replying to this email message or by telephone and delete the message from your email system. Thank you. -----Original Message----- From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Pete Helgren Sent: Friday, April 08, 2005 7:36 AM To: Midrange Mailing List Subject: Do I understand USRPRF *OWNER USEADPAUT *YES correctly? I have been operating under the some assumptions about adopted authority that have been recently challenged and I want to make sure I haven't missed something. We have all the files in a library set to allow a specific user profile to have *ALL authority (lets call it FUSER) and *PUBLIC authority set to *EXCLUDE. All of the programs that access the files are owned by FUSER and the authority of those programs is set to USRPRF(*OWNER) and USEADPAUT(*YES). As far as I know that prevents anyone from accessing these files outside of using specific programs unless they have *ALLOBJ authority (Correct?) We need to access those same files through JDBC so we have a program that we call when we establish the connection in Java that sets the library list and file overrides (OVRSCOPE (*JOB)). That program is also owned by FUSER and is compiled USRPRF(*OWNER) and USEADPAUT(*YES). This should prevent anyone who successfully connects through JDBC but doesn't call the program from getting access to the files (unless they have *ALLOBJ authority) (Correct?) There are a dozen other things we do to secure the access but the thing I am most interested in is making sure the files ARE accessible through this method. If the OVRSCOPE is *JOB and the program is owned by FUSER and FUSER has *ALL authority then the tables should be available to the Java program as long as the job (connection) is active (correct?) Pete Helgren -- This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/mailman/listinfo/midrange-l or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
