× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



ODBC SQL ... that's one that we're addressing, too. I have a 'monitor' exit
program that writes to a log file, and the sys admin is checking it to make
sure that we're not going to cause problems with PC-based ODBC stuff
(there's a lot of it at the client site). If nothing pops, we'll put some
code in the exit program to block updates if needed.

Tom


-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Jim Oberholtzer
Sent: Monday, June 18, 2012 3:34 PM
To: Midrange Systems Technical Discussion
Subject: Re: QMQRY and authority issue

So, your users just run the SQL from Excel, Word, or any other program that
provides an ODBC interface to the system? Unless you have the exits
blocked, they can do it anyway. I get the point but just restricting
command line access and QM does not get you to a secured environment with
respect to SQL.

Jim Oberholtzer
Chief Technical Architect
Agile Technology Architects


On 6/18/2012 3:28 PM, Robert Houts wrote:
The STRQM option 10 authorizations are not silly at all. While it is true
that using STRQMQRY you can run any SQL statement in the *QMQRY you specify,
if the user is restricted to the STRQM menu then the user is restricted to
only running *QMQRYs (via option 9) that contain no unauthorized statements.
Pressing F22 and then using RUN QUERY to run an existing query is also
restricted to running no unauthorized statements.

Also, on the Work with Query Manager Queries screen (option 1 from STRQM),
when the user uses option 1 (create) to create a QM query, or option 2
(change) to change a query, the user can only use authorized statements.
This prevents the user from using any statements you don't want them to use,
which in turn prevents them from running any QM queries that contain any
unauthorized statements. In fact, if the user attempts to edit a QM query
that contains unauthorized statements, the user is prevented from starting
the edit session.

In summary, if the user is restricted to only using STRQM, the
authorizations make sense and are definitely needed.

Why would you allow your end users to use STRQMQRY directly? None of our
end users have command line access and we don't give them a menu option for
that. They are limited to a few specific statements and have only read
access to the production database. They have full access to their own query
libraries. Also, they are restricted to only running their QM queries in
batch. WRKQRY didn't have that capability, and neither does WRKQMQRY.

As far as WRKQMQRY being a better replacement for WRKQRY, no, it's not (at
least not for end users). Users should be restricted in the things they do,
so STRQM is the proper replacement. Besides, you don't have options in
WRKQMQRY to create or edit QM queries (not directly). Although there is an
option to create a QM query from a source member and one to retrieve the
source from a QM query, you would have to give your end users authorization
to a source editor (such as SEU). The editor in STRQM, while rudimentary,
at least gives some prompting support. You don't have any prompting or
syntax checking support for SQL in SEU. Plus, you'd have to buy the tools
for your production system in order to even have SEU available. Many shops
only buy those tools for their development systems.

-----Original Message-----
From:midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Vern Hamberg
Sent: Monday, June 18, 2012 10:17
To: Midrange Systems Technical Discussion
Subject: Re: QMQRY and authority issue

The authority in STRQM applies only in that utility - if you use STRQMQRY,
you can run any SQL statement in the *QMQRY you specify.

That *QMQRY can be what you created in opt 1 of QMQRY.

So I think the STRQM opt 10 authorizations are just plain silly.

By the way - QMQRY is NOT the STRQM environment - it is an object type
that you can run using STRQMQRY - STRQMQRY is the replacement for RUNQRY,
perhaps.

STRQM, as Rob said, is more like the replacement for WRKQRY. But I think a
better replacement for actually USING QMQRY's is WRKQMQRY.



--
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe,
or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at http://archive.midrange.com/midrange-l.


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.