× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



The promotional material associated with IASPs seems to be over-reaching -
at least to me. They promote partitioning disk units between tenants. That
leads to running more disk drives without much in return, as far as I can
tell. I seem to recall Power HA relying on it.

I recall reading that when you vary off an IASP, you can no longer use the
Libraries (or SQL Schemas) associated with it.

It seems to me that Libraries already offer a suitable means of separating
tenant data, without needing to assign disk units to each.

The "help" associated with INLASPGRP says that the SETASPGRP command can be
used to change the thread's initial setting.

Nathan.


On Thu, Oct 2, 2014 at 4:08 PM, Aaron Bartell <aaronbartell@xxxxxxxxx>
wrote:

The session or Job may be associated with an "Initial ASP Group", but what
does that mean? I doubt that it has anything to do with user-object
authority.

That's what I am trying to figure out. iASP is being declared, by IBM, as
a good SaaS-model-way to separate out multi-tenant situations (i.e. same
named libs but different iASP). What I am trying to determine is if this
SaaS they are talking about was in a situation where the user didn't have
access to a command line and instead it was only through a browser. I shot
an email off to IBM but also wanted to get community input.

Aaron Bartell

On Thu, Oct 2, 2014 at 4:40 PM, Nathan Andelin <nandelin@xxxxxxxxx> wrote:

I don't have a server with multiple IASPs to test this, but I question
the
assertion about users being "placed in" an IASP when they sign-in. The
session or Job may be associated with an "Initial ASP Group", but what
does
that mean? I doubt that it has anything to do with user-object authority.

Nathan.


On Thu, Oct 2, 2014 at 3:14 PM, Aaron Bartell <aaronbartell@xxxxxxxxx>
wrote:

Hello,

I have some iASP security questions I hope someone can answer. Let me
lay
out a scenario:

*Scenario*
- I have a single IBM i instance, let's call this IBMi1
- I have two IASPs configured, IASP1 and IASP2
- I have two users configured, USR1 and USR2 (QSECURITY=30,
USRCLS(*PGMR))
- USR1 has a *JOBD with INLASPGRP(IASP1)
- USR2 has a *JOBD with INLASPGRP(IASP2)
- I have two libs, LIB1 is in IASP1 and LIB2 is in IASP2
- I have two RPG *PGM objects, RPG1 is in LIB1 and RPG2 is in LIB2

When USR1 logs into a IBMi1 5250 session (and inherently placed in
IASP1),
can they see or attempt to invoke LIB2/RPG2 in IASP2 if the authority
is
*PUBLIC(*USE)?

Can USR1 see or invoke IFS files in IASP2 if files are set to chmod
go+rx?

I would test this myself except I am having issues setting up the
scenario
on IBM's PDP
<


https://www-304.ibm.com/partnerworld/wps/servlet/ContentHandler/stg_com_sys_power-development-platform

service
(I have an email into support). I would try iASP on the variety of
other
servers I have access to, but I don't want to accidentally hose
anything
:-P

Thanks,
Aaron Bartell
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.



As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.