Thanks for asking questions that force me to attempt more clarity.
Here's what I envision and theorize. Please correct any
misunderstandings and security exposures this presents.
User LMTUSR has *EXCLUDE authority to the data libraries. LMTUSR sees
information only through external stored procedures (in a library to
which it has *USE authority) that adopt authority (to which the *OWNER
has *ALL authority). LMTUSR needs to see the information the stored
procedure returns, but is excluded from the data if they do not use the
stored procedures that adopt authority. Correct so far?
We will only need to use the data queue technique when LMTUSR needs to
update information. LMTUSR will call a stored procedure that adopts
authority. With that authority, the stored procedure will place job
information, a processing code and the data to insert/update on to a
generic queue. It will then wait for an answer on a separate data queue
keyed by job. The generic data queue receiver runs in a batch job whose
user has *ALL authority to the data libraries. The triggers should not
forbid opening the files in that job. Using the processing code, the
queue watcher will insert/update the files. It will place an entry for
the calling job on the keyed data queue which reports on the success or
failure of the insert/update. When it detects a queue entry addressed to
its job, the stored procedure will put the reported answer in an OUT
parameter.
If I was bright enough to write a generic stored procedure that would
work for a variety of files, I can see how it might provide unacceptable
access to the database. But my efforts are much humbler than that. I'll
be writing a separate stored procedure for every insert/update. If
LMTUSR can only insert data using a very limited stored procedure, how
does that let LMTUSR see and/or update restricted information? LMTUSR
won't know the data queue name, won't have access to the library it is
in even if LMTUSR did know the name, and the queue doesn't answer
requests for data. At my level of understanding, it appears that LMTUSR
can only see the data we explicitly allow. LMTUSR cannot see data the
stored procedure does not explicitly include in the return values.
It's getting late in the work day and I'm not sure this posting is very
coherent. I'll try to evaluate and answer any responses pointing out my
failures tomorrow when (hopefully) my mind is fresher.
Roger Mackie
-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Scott Klement
Sent: Tuesday, April 03, 2007 3:37 PM
To: Midrange Systems Technical Discussion
Subject: Re: Adopted authority and triggers
Wouldn't data queues have the same problem? i.e. anyone who can write
to the data queue, or receive from the data queue, can get the data?
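
The object authorities that the design above relies on, and that the quoted question about queue access turns on, as an added CL example that is not part of either poster's message. All object names (DTAQLIB, UPDREQ, UPDRPY, SPLIB, CUSTUPD, DBOWNER) are hypothetical; it assumes the external stored procedure is a *PGM object and that the batch queue receiver runs under DBOWNER.

```cl
/* Added example. Hypothetical names: DTAQLIB, UPDREQ, UPDRPY, SPLIB, */
/* CUSTUPD, DBOWNER. LMTUSR is the limited user from the post.        */

/* Request queue: *PUBLIC is excluded. SENDERID(*YES) makes the       */
/* system attach the sender's qualified job name and current user     */
/* profile to each entry, so the receiver does not have to trust job  */
/* information carried in the payload.                                */
CRTDTAQ DTAQ(DTAQLIB/UPDREQ) MAXLEN(1024) SEQ(*FIFO) +
        SENDERID(*YES) AUT(*EXCLUDE)

/* Reply queue, keyed by the 26-character qualified job name          */
/* (10 job name + 10 user + 6 job number).                            */
CRTDTAQ DTAQ(DTAQLIB/UPDRPY) MAXLEN(256) SEQ(*KEYED) KEYLEN(26) +
        AUT(*EXCLUDE)

/* Both queues are owned by the profile whose authority is adopted.   */
CHGOBJOWN OBJ(DTAQLIB/UPDREQ) OBJTYPE(*DTAQ) NEWOWN(DBOWNER)
CHGOBJOWN OBJ(DTAQLIB/UPDRPY) OBJTYPE(*DTAQ) NEWOWN(DBOWNER)

/* Neither *PUBLIC nor LMTUSR can reach the library holding the       */
/* queues outside of adopted authority.                               */
GRTOBJAUT OBJ(DTAQLIB) OBJTYPE(*LIB) USER(*PUBLIC) AUT(*EXCLUDE)
GRTOBJAUT OBJ(DTAQLIB) OBJTYPE(*LIB) USER(LMTUSR) AUT(*EXCLUDE)

/* The stored procedure's program adopts its owner's authority.       */
/* LMTUSR gets only *USE, enough to call it.                          */
CHGOBJOWN OBJ(SPLIB/CUSTUPD) OBJTYPE(*PGM) NEWOWN(DBOWNER)
CHGPGM PGM(SPLIB/CUSTUPD) USRPRF(*OWNER)
GRTOBJAUT OBJ(SPLIB/CUSTUPD) OBJTYPE(*PGM) USER(LMTUSR) AUT(*USE)

/* Review: who can send to or receive from each queue, and which      */
/* programs adopt DBOWNER's authority.                                */
DSPOBJAUT OBJ(DTAQLIB/UPDREQ) OBJTYPE(*DTAQ)
DSPOBJAUT OBJ(DTAQLIB/UPDRPY) OBJTYPE(*DTAQ)
DSPPGMADP USRPRF(DBOWNER)
```

The DSPPGMADP listing is the one to re-check over time: every program on it is a path by which a caller with *USE authority reaches the queues and the data libraries.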