In this case, the initial program specifies both a program and a library
(not *LIBL). Would in that case it look for Q36PRC in that library? If
so, we still have an issue, as the user does not have authority to the
library.

Here's the user's initial program:
Initial program . . . . . . . . . . . . . : FFMINLPGM
Library . . . . . . . . . . . . . . . . : FFMSYSPROD

The user has no authority to FFMSYSPROD. Further, there is no proc member
called FFMINLPGM in QS36PRC in FFMSYSPROD.

Curiouser and curiouser...

Haven't called Sungard yet, as this is our stuff, not really theirs.



Jeff Carey
System i Manager
Fimat Facilities Management Inc.




CRPence <crp@xxxxxxxxxxxxxxxxxxxx>
Sent by: midrange-l-bounces@xxxxxxxxxxxx
10/03/2007 03:33 PM
Please respond to
Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>


To
midrange-l@xxxxxxxxxxxx
cc

Subject
Re: S/36 Environment and Security






A difference may be seen, when the named initial program results in
the signon invoking a procedure versus a program. Either way, the
security will be enforced.

If INLPGM(*LIBL/ThePgm) is assigned, and there is a procedure ThePgm
in *LIBL/QS36PRC, then [for a user running with SPCENV(*S36)] the
procedure will be run instead of a *PGM. In that case, what authority
the user has to the *PGM object *LIBL/ThePgm is moot. The library could
be named versus a special value, and the same situation.

The signon processor for S36E is QEXSIGN. That program looks for a
procedure name first, and then for a program by the name specified for
Initial Program. This can be inferred from the following tests:

If the user is not authorized to the procedure [i.e. the procedures
implementation object, the source file named QS36PRC] found by the
naming specified for initial program, then the error:
SYS7293 Escape 99 10/03/07 15:20:05.744880
QEXSIGN QSSP 0D9B *EXT
Message . . . . : SYS7293 User not authorized to access QS36PRC.

If the named initial program is not found neither as a procedure nor
as a program, then the error:
SYS5514 Escape 99 10/03/07 15:21:12.967984
QEXSIGN QSSP 0D9B *EXT
Message . . . . : SYS5514 Procedure CRPCMD not found.
Cause . . . . . : This procedure could not be found in the specified
library, your default library, or the system library (#LIBRARY).

If the named initial program is not found as a procedure, but is
found as a program to which the user has not authority, then just like
the SPCENV(*NONE) user, the signon fails for lack of authority to the
initial program *PGM object:
SYS7293 Escape 99 10/03/07 15:23:24.734288
QEXSIGN QSSP 0D9B *EXT
Message . . . . : SYS7293 User not authorized to access CRPCMD.

Cause . . . . . : You entered a command but you are not authorized
to the object identified.

Regards, Chuck

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].