× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



On 12-Jul-2017 04:23 -0600, Gad Miron wrote:
[…] We have here a (admittedly primitive) small home grown
authorization system where users are authorized to certain PGMs
(and to PGM's features) in certain Libraries.

Like: User Bob is authorized to LIB1/PGM_A

this system is implemented by having each PGM call (in *INZSR) a
certain authority checking program (passing it's *PSSR's User, PGM
and Library) that returns a pass/fail indication
This works fine until some programmer compiles a PGM while it is in
use by some user.
The compile replaces the PGM and moves the original PGM obj to
QRPLOBJ

The scenario is as follows:

User has authority to LIB1/PGM_A

PGM_B calls PGM_A

PGM_A checks authority of user to LIB1/PGM_A – User passes the check.

LIB1/PGM_A is compiled. PGM_A in LIB1 is replaced, original PGM_A is
moved to QRPLOBJ

Note that in the above, the program name may *also* change; i.e. not just the library name, so be aware of and test for the case, wherein two programs that were named PGM_A had been recompiled.


PGM_A returns to caller (PGM_B)

PGM_B (re)calls PGM_A

PGM_A in QRPLOBJ gets called.

PGM_A checks authority of user to QRPLOBJ/PGM_A – User fails the check.

Any idea how to circumvent the issue?

Some options:

• force the call to the PGM_A to be dynamic so the new version of the program is always invoked despite any such recompile; i.e. rather than allowing an invocation from a saved/cached pointer, for which the old/moved/renamed program is being invoked, thus objects in QRPLOBJ will not be invoked. That requires all changes made to the program, for which a live-recompile is enabled, must be made aware of that possibility.

• do not promote changes into a live environment; objects in QRPLOBJ will not be invoked.

• special-case the library QRPLOBJ in the authorization checking program; i.e. override/replace the data from the PSSR for the program and library name, with the respective values obtained from the TEXT() portion of the actual program object that was invoked, using, IIRC, the Retrieve Object Description (QUSROBJD) API.


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.