× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. May 2002

Re: Primary Group Profile object attribute

Ed,

Like Ken I've tried to figure out how to use the Primary Group Profile
attribute on IFS files in a practical way, but am not having much luck. How
does one actually create a group of users with PGP? How is it managed? Let's
say I have 5 users that I want to give access to all files in an IFS
directory. How do I set up the user profiles, group profiles, and PGP
attribute. An example would be very helpful!

Thanks,
Patrick


----- Original Message -----
From: "Ed Fishel" <edfishel@us.ibm.com>
To: <midrange-l@midrange.com>
Sent: Friday, May 03, 2002 1:14 PM
Subject: Re: Primary Group Profile object attribute


>
> Kenneth,
>
> >I have always been a little confused with how to utilize the primary
group
> >profile (PGP) object attribute in a general application security scheme.
> >
> >I have used carefully thought out object ownership schemes along with
> >authority lists and program adoption to control access to our production
> >application objects and this has work very well. However, I've never
taken
> >into account primary group profiles.
> >
> >Is this an attribute that might be useful in setting up a simple yet
> >effective security scheme for controlling access to IFS objects?
>
> Yes, primary group authority can be used for IFS objects. The Change
> Primary Group (CHGPGP) command is used to change the primary group of an
> IFS object and to set their primary group authorities.
>
> The reason that primary group authority exists is to allow you to provide
> better performance than you may get by using private authorities on a
group
> profile. The primary group authority is stored in the header of the object
> so checking that authority will be faster than looking up private
> authorities in a group profile. Its performance should be comparable to
the
> performance of using public authority.
>
> Ed Fishel,
> edfishel@US.IBM.COM
>
>
> _______________________________________________
> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
> To post a message email: MIDRANGE-L@midrange.com
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l
> or email: MIDRANGE-L-request@midrange.com
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/midrange-l.
>

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.