On 16/09/2008, at 1:08 AM, David FOXWELL wrote:

I have a request to restrict the use of a client update program depending on a user's authority level which is already coded in a PF.

And what's wrong with OS/400 security? Simply don't authorise this user to the program object and handle the exception when the call is made.

The program is an RPG called from a CL which is called from a menu.

I would like to be able to test the user's right to access the program in the RPG or CL and the use SNDPGMMSG to display the message at the bottom of the menu.

Is this before calling the "secure" program or IN the "secure" program? CHKOBJ can be used to verify authority to an object (or the QSYCUSRA API). Otherwise check the "security file" in your application. In both cases you can use SNDPGMMSG (or the QMHSNDPM API) to send an *ESCAPE message indication access denied.

I'm having trouble getting to grips with SNDPGMMSG. If I have : Menu, CLP1, CLP2 and I detect the message in CLP2, how do I get it the message to display on the menu?

SNDPGMMSG allows you to specify an invocation queue name and/or a relative invocation level. CLP2 can send directly to the menu by either knowing the name of its queue or by sending 2 levels above itself. Ideal is for CLP2 to send an *ESCAPE to its caller, which should monitor and resend the exception to its caller, which will automatically end up at the menu. This is STANDARD ERROR HANDLING and has been beaten to death previously. Search the archives.

I also have a sneaky feeling that this isn't the right way to go about the problem. Shouldn't there be a repertoire of programs with such a level of security and the level of security needed to access them?

I would always avoid security stored in a file and managed by the application. It is ALWAYS better to use the system facilities for securing object access.

Simon Coulter.
FlyByNight Software OS/400, i5/OS Technical Specialists

Phone: +61 2 6657 8251 Mobile: +61 0411 091 400 /"\
Fax: +61 2 6657 8251 \ /
ASCII Ribbon campaign against HTML E-Mail / \

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2020 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].