× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



Pete,

You may want to think about using an exit program on the JDBC/ODBC exit
points that can switch profiles.  Within the exit program you can switch
the client user to whoever you want them to be.  Look at the
documentation for exit points QIBM_QZDA_SQL1 and QIBM_QZDA_SQL2 for
details.  These are the JDBC/ODBC exit points.  This, I believe, will
get you where you want to go but I have a bias toward an exit point
solution.


Gary Monnier | Senior Software Developer

19426 68th Ave. S
Kent, WA 98032
(253) 872-7788 ext. 308
gary.monnier@xxxxxxxxxxxxx
www.powertech.com 
This email message and any attachments are intended only for the use of
the intended recipient named above and may contain information that is
privileged and confidential. If you are not the intended recipient, any
dissemination, distribution, or copying is strictly prohibited. If you
received this email message in error, please immediately notify the
sender by replying to this email message or by telephone and delete the
message from your email system. Thank you.




-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Pete Helgren
Sent: Friday, April 08, 2005 7:36 AM
To: Midrange Mailing List
Subject: Do I understand USRPRF *OWNER USEADPAUT *YES correctly?


I have been operating under the some assumptions about adopted authority

that have been recently challenged and I want to make sure I haven't 
missed something.

We have all the files in a library set to allow a specific user profile 
to have *ALL authority (lets call it FUSER) and *PUBLIC authority set to

*EXCLUDE.  All of the programs that access the files are owned by FUSER 
and the authority of those programs is set to USRPRF(*OWNER) and 
USEADPAUT(*YES).  As far as I know that prevents anyone from accessing 
these files outside of using specific programs unless they have *ALLOBJ 
authority (Correct?)

We need to access those same files through JDBC so we have a program 
that we call when we establish the connection in Java that sets the 
library list and file overrides (OVRSCOPE  (*JOB)).  That program is 
also owned by FUSER and is compiled USRPRF(*OWNER) and USEADPAUT(*YES).

This should prevent anyone who successfully connects through JDBC but 
doesn't call the program from getting access to the files (unless they 
have *ALLOBJ authority) (Correct?)

There are a dozen other things we do to secure the access but the thing 
I am most interested in is making sure the files ARE accessible through 
this method.  If the OVRSCOPE is *JOB and the program is owned by FUSER 
and FUSER has *ALL authority then the tables should be available to the 
Java program as long as the job (connection) is active (correct?)

Pete Helgren




-- 
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.



As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.