× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.




Hi, Brad:

If you prompt the CRTPF command (for example), and press F10=Additional parameters, and page all the way down, you will see that the last parameter is "Authority ..." (AUT). It defaults to *LIBCRTAUT. That is, it inherits the default *PUBLIC authority from the containing library. That is also true for most, if not all, "create" commands ... they all have an AUT parameter to assign the default *PUBLIC authority.

When the system creates a QTEMP library for a job, it is created with AUT(*SYSVAL), so it inherits from the system value QCRTAUT. When I issue:
DSPLIBD QTEMP

I see:
Create authority . . . . : *SYSVAL

Rather than having to find and change every occurance of a create command within your entire web application, you could just run the following CL command, somewhere "early" during the initialization (start-up) of your web job(s):

CHGLIB LIB(QTEMP) CRTAUT(*ALL)

or issue this somewhere prior to when your job is about to create any objects in QTEMP. That way, the default AUT(*LIBCRTAUT) will inherit *ALL from the QTEMP library.

NOTE: if some objects have already been created in QTEMP, prior to issuing the above CHGLIB command, it will be "too late" for those objects, as changing this attribute only changes the *LIB itself, and not any objects that already exist within that library.

You could call a program that adopts authority of a "powerful" profile, to do any "clean up" or "deleting" of pre-existing objects, where that profile has *ALLOBJ authority, and that way, you can ensure that it will be able to delete any objects in QTEMP, no matter what userID created them.

Hope that helps,

Mark S. Waterbury

> On 3/18/2016 9:48 AM, Bradley Stone wrote:
Interesting scenario here I thought I would throw out for some ideas.

An application uses QTEMP for temporary files. It builds files as part of
a process. For normal batch or interactive jobs it works fine. QTEMP is
unique to that Job.

The process looks like this:

1. Delete any existing QTEMP files
2. Create new QTEMP files
3. Put data in them to process
4. Done.

Now throw this into a web server situation. The jobs change the User ID
for the process from QTMHHTTP to a real user ID.

A file in QTEMP is created, process completes, all is good. Files in QTEMP
are left there.

A new user comes along and changes the User of the job. Now the process
errors out because the new user doesn't have the right authorities to the
object in QTEMP to clear it or remove it and start over.

Any ideas on how to make this work without having to change authorities to
the QTEMP objects or delete them each time? Or give users *ALLOBJ
authority?

I guess I'm looking for some sort of flag that we can say "when you create
an object in QTEMP, make it so any User ID can work with it.". I'm
guessing there isn't such an animal, but I am curious.

Brad
www.bvstools.com



As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.