• Subject: Re: Restricting User Access
  • From: John Earl <johnearl@xxxxxxxxxx>
  • Date: Tue, 18 Nov 1997 23:27:19 -0800

At 12:11 PM 11/18/97 -0500, you wrote:
>on 11/17/97at 10:09 PM, the Great and Grand  Wazir John Earl
><johnearl@lns400.com> said:
>
>>
>>I'm trying to set up a user ID on the '400 that basically is not authorized
>>to anything.  I would like to then set up specific objects (pgms) that the
>>user is authorized to.
>
>Can you set up the user with an initial menu and initial program, where
>the only thing the profile can do is operate from that menu, or sign-off? 
>I've been thinking of a separate library for look-up data, work-files, and
>programs specific to that user's tasks.  I also made a new subsystem for
>the user's initial sign-in (with a unique ascii-art sign-in screen  -
>thanks Art, Vern, and all). 
>
>In other words, my answer to your problem is to try to limit the grazing
>range to fenced in and protected stuff.

Booth,

This only works if you can keep that user from logging on to a PC.  Client
Access allows accesses that your menu system can't detect.  

The question about how to keep any user from getting at *PUBLIC authority
cuts right to the heart of the Client Access world.  If *PUBLIC has *USE
rights to an object, Client Access let's them read it, execute it, and
transfer it to their C: drive regardless of what your menu security says.
If *PUBLIC has *CHANGE, well you know where I'm headed....

Your idea about creating a separate library is a good one.  Be sure to give
the users only the access they need (*USE to programs, *USE or *CHANGE to
files as appropriate).  Client Access still must abide by OS/400 object
authority.  It's just that too often our object authority is set too loosely.


jte



>
>----------------------------------------------------
>Booth Martin     
>---------------------------------------------------
>
>
>
>+---
>| This is the Midrange System Mailing List!
>| To submit a new message, send your mail to "MIDRANGE-L@midrange.com".
>| To unsubscribe from this list send email to MAJORDOMO@midrange.com
>|    and specify 'unsubscribe MIDRANGE-L' in the body of your message.
>| Questions should be directed to the list owner/operator: david@midrange.com
>+---
>
>
*********************************
* John Earl                     *
* Lighthouse Software Inc.      *
* 8514 71st NW                  *
* Gig Harbor, WA 98335          *
* 253-858-7388                  *
* johnearl@lns400.com           *
*********************************



+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to "MIDRANGE-L@midrange.com".
| To unsubscribe from this list send email to MAJORDOMO@midrange.com
|    and specify 'unsubscribe MIDRANGE-L' in the body of your message.
| Questions should be directed to the list owner/operator: david@midrange.com
+---


This thread ...

Follow-Ups:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].