× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



The owner of the RPGLE program is SSA, and the owner of the SQLPKG that gets created in QGPL is also SSA.

I don't see the stored procedure as an object in QGPL, unless you mean the SQLPKG.
When I look at the stored procedure using Navigator, it's owned by SSA and *PUBLIC has *USE.

Best Regards,

Thomas Garvey


On 10/11/2021 1:15 PM, Mcgovern, Sean via MIDRANGE-L wrote:
Who is the OWNER of the stored procedure in QGPL? Set that to SSA.



-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Thomas Garvey
Sent: 11 October 2021 17:45
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: [EXTERNAL] Object authority issues

I REALLY hesitate to open up this issue, but I clearly don't understand something or am missing something obvious.

I have a stored procedure defined in QGPL which calls an SQLRPGLE program in another library, specified in the procedure.
The program is owned by a specific user (SSA) and is defined as: User profile *OWNER and Use Adopted Authority as *YES.

A user, whose Group Profile is SSA, calls a PC application program, which calls the stored procedure but receives an SQL0551 error

SQL0551
Message Text: Not authorized to object &1 in &2 type *&3.
Cause Text: An operation was attempted on object &1 in &2 type *&3. This operation cannot be performed without the required authority.
Recovery Text: Obtain the required authority from either the security officer, the object owner, or a user that is authorized to the QIBM_DB_SECADM function. If you are not authorized to a logical file, obtain the authority to the based-on files of the logical file. Try the operation again.

The program has *PUBLIC as *USE, *GROUP SSA has *ALL for object authorities.

My apparently limited grasp of authority tells me that the user has *USE authority to the program object, and by that authority should then adopt the authority of the owner, which then allows authority to use the files and data the object uses.

Why doesn't the user, who is part of the Group Profile that owns the object, and has *USE authority have authority to use the program?
Further, I've tried changing the object authority on the program *USER to *ALL, changed the owner of the object to the actual user itself, all to no avail.

The only thing that works is giving the calling user All Object authority, and I obviously can't do that.

Using Carol Woodbury's book (i5/OS Security) and Authority Search Progression chart, authority short of All Object authority, is available as it is setup, no?


Best Regards,

Thomas Garvey


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: https://urldefense.com/v3/__https://lists.midrange.com/mailman/listinfo/midrange-l__;!!NFcUtLLUcw!CerSzrW-6ko6E7yu85y5YFWTfhzUTU-xsQrlTCNJu25CbgQCMWqzoRC3DHiSkB-rXlZe$
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at https://urldefense.com/v3/__https://archive.midrange.com/midrange-l__;!!NFcUtLLUcw!CerSzrW-6ko6E7yu85y5YFWTfhzUTU-xsQrlTCNJu25CbgQCMWqzoRC3DHiSkCI4dpip$ .

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related questions.

Help support midrange.com by shopping at amazon.com with our affiliate link: https://urldefense.com/v3/__https://amazon.midrange.com__;!!NFcUtLLUcw!CerSzrW-6ko6E7yu85y5YFWTfhzUTU-xsQrlTCNJu25CbgQCMWqzoRC3DHiSkPeTcU3u$
[CONFIDENTIALITY AND PRIVACY NOTICE] Information transmitted by this email is proprietary to Medtronic and is intended for use only by the individual or entity to which it is addressed, and may contain information that is private, privileged, confidential or exempt from disclosure under applicable law. If you are not the intended recipient or it appears that this mail has been forwarded to you without proper authority, you are notified that any use or dissemination of this information in any manner is strictly prohibited. In such cases, please delete this mail from your records. To view this notice in other languages you can either select the following link or manually copy and paste the link into the address bar of a web browser: http://emaildisclaimer.medtronic.com

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.