|
Chris, At 04:44 PM 11/17/97 -0500, you wrote: > >Hello everyone! > >I have a security question that some of you may be able to help me with. > >Simply put -- Do you know if there is a way to create a user profile that >is NOT authorized to anything? A while back I was lobbying IBM to create just such a profile. What I was asking for was a bit in the user profile that would say "this user cannot get authority to user domain objects from *PUBLIC". This would be great boon to folks who wanted to put legacy /400's on the net but were scared silly about the 'openness' of their boxes. Some members of the security team told me that they looked at this really hard, but determined that their was no way to implement it without affecting the peformance of every AS/400 object lookup. (The problem being that public authorities are stored with the object. This scheme would require that even if the object was *PUBLIC *ALL, you would still incur a lookup against the user profile object to see if this particular profile was restricted from public access). > >I'm trying to set up a user ID on the '400 that basically is not authorized >to anything. I would like to then set up specific objects (pgms) that the >user is authorized to. They have created something mildly similar in V4R1 called Validation Lists. Validation Lists can be though of as 'Internet Profiles' (even though their capable of bunches more stuff). With Validation Lists you can store an encrypted key (read: password) with a unique identifier (read: profile) on the /400 and use this to authenticate users to objects without having to create individual profiles for those users. (Usefull in an internet application where you are dealing with poitentially thousands of people that you don't want to give real AS/400 user profiles to). Hope This Helps, but if it doesn't write back with a little more detail about what you're trying to accomplish and we'll all take another stab at it. jte > >Any help is greatly appreciated .....Thanks! > > >Chris Ring >Senior Systems Analyst >Arksys Inc. >Little Rock, Arkansas > > >+--- >| This is the Midrange System Mailing List! >| To submit a new message, send your mail to "MIDRANGE-L@midrange.com". >| To unsubscribe from this list send email to MAJORDOMO@midrange.com >| and specify 'unsubscribe MIDRANGE-L' in the body of your message. >| Questions should be directed to the list owner/operator: david@midrange.com >+--- > > ********************************* * John Earl * * Lighthouse Software Inc. * * 8514 71st NW * * Gig Harbor, WA 98335 * * 253-858-7388 * * johnearl@lns400.com * ********************************* +--- | This is the Midrange System Mailing List! | To submit a new message, send your mail to "MIDRANGE-L@midrange.com". | To unsubscribe from this list send email to MAJORDOMO@midrange.com | and specify 'unsubscribe MIDRANGE-L' in the body of your message. | Questions should be directed to the list owner/operator: david@midrange.com +---
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
