× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. April 2007

RE: Adopted authority and triggers

Don't suppose there's any chance of letting users *USE the library? This
prevents them from creating anything, but (depending on the object level
authority) should let them do what is needed for processing...

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Mackie, Roger L.
(Precision Press)
Sent: Tuesday, April 03, 2007 12:01 PM
To: Midrange Systems Technical Discussion
Subject: RE: Adopted authority and triggers

The SQLRPGLE invokes the following before preparing the SQL statement:
C/EXEC SQL
C+ SET OPTION USRPRF=*OWNER,
C+ DYNUSRPRF=*OWNER,
C+ ...
C/END-EXEC

It seems to work fine except with the update triggers. I'm confident
that Ed Fishel's description of the problem is on the mark:


"...if the trigger program is in this library...then a user will not be
authorized to call that trigger program if you have excluded them from
that library. If this is the case, then even if the trigger program
adopts authority from QSECOFR, it will not help because the not
authorized problem is occurring before the trigger program has a chance
to run."

I felt that was the issue, but could not find the right words to
describe it. Unless someone has a better idea, I need to move the
triggers to a library to which LMTUSR has access or use a data queue to
send the information to a job whose user does have authority to the
library. To cut down on the proliferation of libraries (on our single
iSeries we would need at least two trigger libraries--one for triggers
against production data and one for test data libraries) we are leaning
towards the data queue solution.

Thanks everyone for your input.
Roger Mackie

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Brian
Sent: Tuesday, April 03, 2007 11:24 AM
To: Midrange Systems Technical Discussion
Subject: Re: Adopted authority and triggers

Roger,

On your SQLRPGLE program, check to see what is specified for Dynamic
User Profile; the default is *USER. To fully adopt authority when
creating an SQLRPGLE program, you need to specify DYNUSRPRF(*OWNER) on
the CRTSQLRPGI command in addition to USRPRF(*OWNER).

Kind regards,

BJ



--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at http://archive.midrange.com/midrange-l.



As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.