Re: Create Table Security

[Vernon Hamberg <vhamberg@xxxxxxxxxxx>]

Thanks for posting the extra text - it sure looks like a lot of 'look 
at previous messages' stuff - LOL. But it does have more information.

Looks like user AMPGMR does not have adequate authority to user 
profile MARK. From SQL Reference I see this under the authorization 
discussion in the CREATE TABLE section:

If SQL names are specified and a user profile exists that has the 
same name as the library into which the
table is created, and that name is different from the authorization 
ID of the statement, then the privileges
held by the authorization ID of the statement must include at least 
one of the following:
-- The system authority *ADD to the user profile with that name
-- Administrative authority

Earlier in the manual, administrative authority is said to belong to 
the security officer and to those users with *ALLOBJ. So you are left 
with *ADD rights to user profile MARK, which most folks are not going 
to have. Therefore, this fails. It might work if you create the table 
into a library whose name is not the same as a user profile.

And the authorization ID is the user profile of the person who ran 
STRSQL if the statement is run there - other ways this ID is 
determined are discussed in the manual.

Make sense? Security in SQL is sometimes confusing - and that is an 
understatement! But it is all in the SQL Reference if you can take 
the time to wade through it. Especially concepts like authorization ID.

HTH
Vern

At 04:28 PM 7/25/2006, you wrote:

> Unfortunately, the second level text is not very helpful but here it is.
>
> Message ID . . . . . . :   CPC2206       Severity . . . . . . . :   00
> Message type . . . . . :   Completion
> Date sent  . . . . . . :   07/25/06      Time sent  . . . . . . : 13:58:54
> Message . . . . :   Ownership of object CHAIN in MARK type *FILE changed.
>
> Cause . . . . . :   The ownership of object CHAIN in library MARK type
> *FILE
>   has changed.
>
>
> Message ID . . . . . . :   CPF3224       Severity . . . . . . . :   40
> Message type . . . . . :   Diagnostic
> Date sent  . . . . . . :   07/25/06      Time sent  . . . . . . : 13:58:54
> Message . . . . :   Not authorized to perform operation on file CHAIN.
> Cause . . . . . :   The requested operation was not done for file CHAIN in
>
>   library MARK because of insufficient authority to an object required to
>
>   perform the operation.
> Recovery  . . . :   Get the necessary authority from your security
> officer.
>   Then try the request again.
>
>
> Message ID . . . . . . :   CPF22BE       Severity . . . . . . . :   40
> Message type . . . . . :   Diagnostic
> Date sent  . . . . . . :   07/25/06      Time sent  . . . . . . : 13:58:54
>
> Message . . . . :   Function not done for user profile AMPGMR.
> Cause . . . . . :   The function could not be done for one of the users
> for
>   whom the function was requested.
> Recovery  . . . :   See the messages previously listed in the joblog.
> Correct
>   the errors.  Try the command again.
>
>
> Message ID . . . . . . :   CPF2227       Severity . . . . . . . :   40
> Message type . . . . . :   Escape
> Date sent  . . . . . . :   07/25/06      Time sent  . . . . . . : 13:58:54
>
> Message . . . . :   One or more errors occurred during processing of
> command.
> Cause . . . . . :   See previous messages.
> Recovery  . . . :   Correct the errors.  Submit the command again.
>
>
> Message ID . . . . . . :   CPI32B1       Severity . . . . . . . :   00
> Message type . . . . . :   Information
> Date sent  . . . . . . :   07/25/06      Time sent  . . . . . . : 13:58:54
>
> Message . . . . :   Constraint was removed.
> Cause . . . . . :   Constraint CHAINPK was removed from file CHAIN in
> library
>   MARK for TYPE value *ALL, RMVCST value *RESTRICT. The parent file was *N
> in
>   library *N.
>
>
> Message ID . . . . . . :   CPC32B1       Severity . . . . . . . :   00
> Message type . . . . . :   Completion
> Date sent  . . . . . . :   07/25/06      Time sent  . . . . . . : 13:58:54
>
> Message . . . . :   1 constraint(s) removed from file CHAIN.
> Cause . . . . . :   File CHAIN in library MARK had 1 of 1 constraints
> removed.
>   See previous messages for the names of the constraints removed. If a
>   constraint was changed to the defined state and message CPI32B6 was
> sent,
>   the number of constraints removed will include these constraints even
> though
>   they were not removed. See previous messages for the reason why
> constraints
>   were not removed.
>
>
> Message ID . . . . . . :   SQL0551       Severity . . . . . . . :   30
> Message type . . . . . :   Diagnostic
> Date sent  . . . . . . :   07/25/06      Time sent  . . . . . . : 13:58:54
>
> Message . . . . :   Not authorized to object MARK in *N type *USRPRF.
> Cause . . . . . :   An operation was attempted on object MARK in *N type
>
>   *USRPRF.  This operation cannot be performed without the required
> authority.
> Recovery  . . . :   Obtain the required authority from either the security
>
>   officer or the object owner. If you are not authorized to a logical
> file,
>   obtain the authority to the based-on files of the logical file. Try the
>
>   operation again.
> --
> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
> To post a message email: MIDRANGE-L@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/midrange-l
> or email: MIDRANGE-L-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/midrange-l.