How we do it is we have our authentication service program running with adopted authority. The service program that does the swaps has access to the profiles, not the http server user profile.
Brian May
IBM i Modernization Specialist
Profound Logic Software
http://www.profoundlogic.com
937-439-7925 Phone
877-224-7768 Toll Free
Modernization Made Easy!
www.profoundlogic.com
-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Mike Cunningham
Sent: Tuesday, May 27, 2014 11:29 AM
To: Midrange Systems Technical Discussion
Subject: RE: row and column access in 7.2 and web applications
Last time I looked at the switch profiles command the user profile of the job running the command needed to have authorization to use every other user profile. So in this case the HTTP server user profile would need to be granted access to all other user profiles?
-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Brian May
Sent: Tuesday, May 27, 2014 12:01 PM
To: Midrange Systems Technical Discussion
Subject: RE: row and column access in 7.2 and web applications
Yes, our product can maintain a persistent CGI connection. So the user's web session is tied to a specific job running in the HTTP server. We swap the user profile of that job to the logged in user, allowing all DB2 and object level security to be honored.
Doing this does not necessarily mean you MUST have a persistent connection. Any job can switch profiles. The interesting part is passing, storing, and validating credentials in a secure manner.
Brian May
IBM i Modernization Specialist
Profound Logic Software
http://www.profoundlogic.com
937-439-7925 Phone
877-224-7768 Toll Free
Modernization Made Easy!
www.profoundlogic.com
-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Nathan Andelin
Sent: Tuesday, May 27, 2014 9:54 AM
To: Midrange Systems Technical Discussion
Subject: Re: row and column access in 7.2 and web applications
Mike,
I can offer a license to our Web Portal, which has a menu system, where each menu item can be configured to launch separate application instances
(Jobs) for each user, and run under that user's IBM i profile.
Profound UI may offer something similar, via their persistent CGI interface, but I'm not sure.
-Nathan
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit:
http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at
http://archive.midrange.com/midrange-l.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit:
http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at
http://archive.midrange.com/midrange-l.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit:
http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at
http://archive.midrange.com/midrange-l.
As an Amazon Associate we earn from qualifying purchases.