× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



Apparently you're making assumptions. I never said anything about external access via ODBC, as the conversation was about QM, and somewhat about it being a replacement for WRKQRY.

Having said that, our database is *PUBLIC *EXCLUDE, so only the subset of end users that we allow to use Query or QM can even read the database (and they can only read it). Also ODBC is restricted and monitored via exit programs. But again, that wasn't part of the conversation. You might want to stay on topic, as this thread is about QM authorization, not all SQL access authorization.


-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Jim Oberholtzer
Sent: Monday, June 18, 2012 13:34
To: Midrange Systems Technical Discussion
Subject: Re: QMQRY and authority issue

So, your users just run the SQL from Excel, Word, or any other program that provides an ODBC interface to the system? Unless you have the exits blocked, they can do it anyway. I get the point but just restricting command line access and QM does not get you to a secured environment with respect to SQL.

Jim Oberholtzer
Chief Technical Architect
Agile Technology Architects


On 6/18/2012 3:28 PM, Robert Houts wrote:
The STRQM option 10 authorizations are not silly at all. While it is true that using STRQMQRY you can run any SQL statement in the *QMQRY you specify, if the user is restricted to the STRQM menu then the user is restricted to only running *QMQRYs (via option 9) that contain no unauthorized statements. Pressing F22 and then using RUN QUERY to run an existing query is also restricted to running no unauthorized statements.

Also, on the Work with Query Manager Queries screen (option 1 from STRQM), when the user uses option 1 (create) to create a QM query, or option 2 (change) to change a query, the user can only use authorized statements. This prevents the user from using any statements you don't want them to use, which in turn prevents them from running any QM queries that contain any unauthorized statements. In fact, if the user attempts to edit a QM query that contains unauthorized statements, the user is prevented from starting the edit session.

In summary, if the user is restricted to only using STRQM, the authorizations make sense and are definitely needed.

Why would you allow your end users to use STRQMQRY directly? None of our end users have command line access and we don't give them a menu option for that. They are limited to a few specific statements and have only read access to the production database. They have full access to their own query libraries. Also, they are restricted to only running their QM queries in batch. WRKQRY didn't have that capability, and neither does WRKQMQRY.

As far as WRKQMQRY being a better replacement for WRKQRY, no, it's not (at least not for end users). Users should be restricted in the things they do, so STRQM is the proper replacement. Besides, you don't have options in WRKQMQRY to create or edit QM queries (not directly). Although there is an option to create a QM query from a source member and one to retrieve the source from a QM query, you would have to give your end users authorization to a source editor (such as SEU). The editor in STRQM, while rudimentary, at least gives some prompting support. You don't have any prompting or syntax checking support for SQL in SEU. Plus, you'd have to buy the tools for your production system in order to even have SEU available. Many shops only buy those tools for their development systems.

-----Original Message-----
From:midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Vern Hamberg
Sent: Monday, June 18, 2012 10:17
To: Midrange Systems Technical Discussion
Subject: Re: QMQRY and authority issue

The authority in STRQM applies only in that utility - if you use STRQMQRY, you can run any SQL statement in the *QMQRY you specify.

That *QMQRY can be what you created in opt 1 of QMQRY.

So I think the STRQM opt 10 authorizations are just plain silly.

By the way - QMQRY is NOT the STRQM environment - it is an object type that you can run using STRQMQRY - STRQMQRY is the replacement for RUNQRY, perhaps.

STRQM, as Rob said, is more like the replacement for WRKQRY. But I think a better replacement for actually USING QMQRY's is WRKQMQRY.



As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.