× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. July 2006

Re: Create Table Security

Thanks for posting the extra text - it sure looks like a lot of 'look at previous messages' stuff - LOL. But it does have more information.
Looks like user AMPGMR does not have adequate authority to user profile MARK. From SQL Reference I see this under the authorization discussion in the CREATE TABLE section:
If SQL names are specified and a user profile exists that has the same name as the library into which the table is created, and that name is different from the authorization ID of the statement, then the privileges held by the authorization ID of the statement must include at least one of the following: 
-- The system authority *ADD to the user profile with that name
-- Administrative authority
Earlier in the manual, administrative authority is said to belong to the security officer and to those users with *ALLOBJ. So you are left with *ADD rights to user profile MARK, which most folks are not going to have. Therefore, this fails. It might work if you create the table into a library whose name is not the same as a user profile.
And the authorization ID is the user profile of the person who ran STRSQL if the statement is run there - other ways this ID is determined are discussed in the manual.
Make sense? Security in SQL is sometimes confusing - and that is an understatement! But it is all in the SQL Reference if you can take the time to wade through it. Especially concepts like authorization ID. 

HTH
Vern

At 04:28 PM 7/25/2006, you wrote:


Unfortunately, the second level text is not very helpful but here it is.

Message ID . . . . . . :   CPC2206       Severity . . . . . . . :   00
Message type . . . . . :   Completion
Date sent  . . . . . . :   07/25/06      Time sent  . . . . . . : 13:58:54
Message . . . . :   Ownership of object CHAIN in MARK type *FILE changed.

Cause . . . . . :   The ownership of object CHAIN in library MARK type
*FILE
  has changed.


Message ID . . . . . . :   CPF3224       Severity . . . . . . . :   40
Message type . . . . . :   Diagnostic
Date sent  . . . . . . :   07/25/06      Time sent  . . . . . . : 13:58:54
Message . . . . :   Not authorized to perform operation on file CHAIN.
Cause . . . . . :   The requested operation was not done for file CHAIN in

  library MARK because of insufficient authority to an object required to

  perform the operation.
Recovery  . . . :   Get the necessary authority from your security
officer.
  Then try the request again.


Message ID . . . . . . :   CPF22BE       Severity . . . . . . . :   40
Message type . . . . . :   Diagnostic
Date sent  . . . . . . :   07/25/06      Time sent  . . . . . . : 13:58:54

Message . . . . :   Function not done for user profile AMPGMR.
Cause . . . . . :   The function could not be done for one of the users
for
  whom the function was requested.
Recovery  . . . :   See the messages previously listed in the joblog.
Correct
  the errors.  Try the command again.


Message ID . . . . . . :   CPF2227       Severity . . . . . . . :   40
Message type . . . . . :   Escape
Date sent  . . . . . . :   07/25/06      Time sent  . . . . . . : 13:58:54

Message . . . . :   One or more errors occurred during processing of
command.
Cause . . . . . :   See previous messages.
Recovery  . . . :   Correct the errors.  Submit the command again.


Message ID . . . . . . :   CPI32B1       Severity . . . . . . . :   00
Message type . . . . . :   Information
Date sent  . . . . . . :   07/25/06      Time sent  . . . . . . : 13:58:54

Message . . . . :   Constraint was removed.
Cause . . . . . :   Constraint CHAINPK was removed from file CHAIN in
library
  MARK for TYPE value *ALL, RMVCST value *RESTRICT. The parent file was *N
in
  library *N.


Message ID . . . . . . :   CPC32B1       Severity . . . . . . . :   00
Message type . . . . . :   Completion
Date sent  . . . . . . :   07/25/06      Time sent  . . . . . . : 13:58:54

Message . . . . :   1 constraint(s) removed from file CHAIN.
Cause . . . . . :   File CHAIN in library MARK had 1 of 1 constraints
removed.
  See previous messages for the names of the constraints removed. If a
  constraint was changed to the defined state and message CPI32B6 was
sent,
  the number of constraints removed will include these constraints even
though
  they were not removed. See previous messages for the reason why
constraints
  were not removed.


Message ID . . . . . . :   SQL0551       Severity . . . . . . . :   30
Message type . . . . . :   Diagnostic
Date sent  . . . . . . :   07/25/06      Time sent  . . . . . . : 13:58:54

Message . . . . :   Not authorized to object MARK in *N type *USRPRF.
Cause . . . . . :   An operation was attempted on object MARK in *N type

  *USRPRF.  This operation cannot be performed without the required
authority.
Recovery  . . . :   Obtain the required authority from either the security

  officer or the object owner. If you are not authorized to a logical
file,
  obtain the authority to the based-on files of the logical file. Try the

  operation again.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.