× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. April 2007

RE: Adopted authority and triggers

Thank you for sharing your information center search expertise! I read
the link you suggested. It says "Circumvention None". Nevertheless, I
tried the recommendation for trigger creation that you found on the
information center. I still get the CPF4236. So I guess this isn't a
circumvention recommendation, but good design practice that we should
probably adopt even though it does not fix the immediate problem.

Thank you once again for taking the time to help me understand the
issue.

Roger Mackie

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Ed Fishel
Sent: Wednesday, April 04, 2007 9:02 AM
To: Midrange Systems Technical Discussion
Subject: RE: Adopted authority and triggers


Walden H Leverich wrote on 04/03/2007 06:01:47 PM:

I would have first expected that a user's authority to a trigger
program would either be ignored, or at least honor the adopted
authority. I say this because the trigger is, conceptually, a
component of the DBMS.
Honoring the authority on the trigger program is somewhat akin to
preventing you from inserting a row into a physical because there's an

access path built over it that you don't have access to, and therefore

you can't update that access path.

Yesterday afternoon I found these recommendations in the information
center.


Create the program with USRPRF(*OWNER) and *EXCLUDE public authority,
and do not grant authorities to the trigger program to USER(*PUBLIC).
Avoid having the trigger program altered or replaced by other users.
The database calls the trigger program even if the user causing the
trigger program to run has authority to the trigger program.

Create the program in the physical file's library.

After reading this recommendation I did not understand why the public
authority of the trigger program should be *EXCLUDE but the public
authority of its library would cause it to not be called. I talked to
some people and they led me to this:

http://www-1.ibm.com/support/docview.wss?rs=0&q1=SYSTEM+I&q2=SE24253&uid
=nas2f38beb54b4aebe1f8625710a0072e90b&loc=en_US&cs=utf-8&cc=us&lang=en
(I found the page by going to http://www.ibm.com/support/us/ and typing
"System i" in the Search Technical support search field and pressing
Enter.
I then typed "SE24253" in the Additional Search terms field and pressed
Enter again.) The bottom line is that this is a known problem and it
will be fixed.

Ed Fishel,
edfishel@xxxxxxxxxx

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at http://archive.midrange.com/midrange-l.



As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.