× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



The program that I copied that source out of runs as *OWNER. That
doesn't help with authorities on the IFS, but at another point in the
program it uses the QSYGETPH and QWTSETP api's to swap the running job
to a profile with the proper authorities. It then swaps back to the
users profile. When you do that, you need to be very careful that you
trap all errors and deal with them. If something blows up while switched
and the user gets a command line, then they have the authority of the
profile with elevated privileges.




Kevin Bucknum
Senior Programmer Analyst
MEDDATA/MEDTRON
Tel: 985-893-2550

-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf
Of Dan
Sent: Monday, September 10, 2018 7:54 PM
To: Midrange Systems Technical Discussion
Subject: Re: How to retrieve all user profiles in an IFS object's
authority

Thanks Scott. Apparently, this happens often enough that the support
people are tired of tracking this down and fixing it. Also, when the
users are
halted from continuing, it quickly becomes a human metrics issue.

If the application runs into the issue where a user doesn't have
sufficient
authority to remove others' authorities or to add *PUBLIC DTAAUT(*RWX)
OBJAUT(*ALL), the application could capture that and send an email to
support. I'm not sure how the users are set up authority-wise on
production.

- Dan

On Mon, Sep 10, 2018 at 3:43 PM, Scott Klement <midrange-
l@xxxxxxxxxxxxxxxx>
wrote:

Dan,

Personally, I would catch the error, and then pop up a message
telling
the user to contact the administrator (or whomever is appropriate)
for
assistance. Someone familiar with authorities should be able to
very
easily look at the files and fix the authority problems.

If you really need to get a listing of all user authorities (which
seems like a much more complicated solution) you could do so with
the
Qp0lGetAttr() API. You could loop through the responses and remove
those authorities... but, to my mind, this seems like overkill.

And, of course, the user would need sufficient authority to remove
the
other users' authority (remember, adopted authority won't work here)
which makes this even more complicated.

-SK

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take
a moment to review the archives at
https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: http://amzn.to/2dEadiD

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.