|
Tim before you start working on exits etc is there a reason why you just can't have access to payroll libraries set as *PUBLIC *EXCLUDE and ensure that your ODBC profile is not one of the authorised profiles ? Your method seems backwards to me - generally I think that additional access should be should be granted rather than granting authority to all and then using some other method to revoke and deny access. To further explain, it seems to me like giving everyone the combination to a safe and then having a guard compare names to a list of those allowed to use the combination. It would make more sense to not give people the combination in the first place..... Sorry this doesn't exactly address your question, but if I had to do this I wuld probably revisit my base security set up - I avoid complex security wherever possible if only because it is too hard to demonstrate to auditors.... Regards Evan Harris >This message is in MIME format. Since your mail reader does not understand >this format, some or all of this message may not be legible. >-- >[ Picked text/plain from multipart/alternative ] >I didn't want to scan through a possible 32k sql string looking for >libraries I didn't want to allow, so I figured switching the authority would >be better and faster.... And more secure... > >tim > > > -----Original Message----- > > From: Dr Syd Nicholson [SMTP:sydnic@ccs400.com] > > Sent: Friday, April 12, 2002 4:11 PM > > To: midrange-l@midrange.com > > Subject: Re: Exit Point Question/profile switching... > > > > Instead of trying to switch user profiles, perhaps you could use the > > exit point to restrict access to the appropriate libraries. This would > > be easier I think. > > > > Syd Nicholson > > > > > > Hatzenbeler, Tim wrote: > > > > >This message is in MIME format. Since your mail reader does not > > understand > > >this format, some or all of this message may not be legible. > > >-- > > >[ Picked text/plain from multipart/alternative ] > > > Is this possible and if so is there a simple CL command to do it? > > >I would like to add a exit point program to QIBM_QZDA_INIT to switch the > > >userprofile to a less powerful profile (for users not found in a control > > >table). What command would I use? And if so, would the profile switch > > >exist when they make the QIBM_QZDA_SQL1 call, or would I need to switch > > the > > >profile here also? > > >Or am I doing this all wrong? > > >My goal is this, to create a user profile that excludes our payroll > > library, > > >and give the odbc requests this profile... > > >Thanks, tim
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.