


I like that idea. We don't do much with data queues here, but we already use the SPAWN API in a few places. I wonder if that is enough of a sandbox. Spawn a new process that changes the user. I will have to test that.




Kevin Bucknum
Senior Programmer Analyst
MEDDATA/MEDTRON
Tel: 985-893-2550

-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Rob Berendt
Sent: Tuesday, September 11, 2018 8:38 AM
To: Midrange Systems Technical Discussion
Subject: RE: How to retrieve all user profiles in an IFS object's authority

Kevin,

Good concern. I don't think the OP was getting that we recommended profile switching and fixing the authority automatically.

Kevin, one way to get around your concern is to start up a new job under the proper user. When it's done it could communicate back to the other program that it's done. This avoids profile switching as it would use a separate job. One way the communication could be done is via a data queue.


Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 2505 Dekko Drive
         Garrett, IN 46738
Ship to: Dock 108
         6928N 400E
         Kendallville, IN 46755
http://www.dekko.com





From: "Kevin Bucknum" <Kevin@xxxxxxxxxxxxxxxxxxx>
To: "Midrange Systems Technical Discussion" <midrange-l@xxxxxxxxxxxx>
Date: 09/11/2018 08:29 AM
Subject: RE: How to retrieve all user profiles in an IFS object's authority
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx>



The program that I copied that source out of runs as *OWNER. That doesn't help with authorities on the IFS, but at another point in the program it uses the QSYGETPH and QWTSETP APIs to swap the running job to a profile with the proper authorities. It then swaps back to the user's profile. When you do that, you need to be very careful that you trap all errors and deal with them. If something blows up while switched and the user gets a command line, then they have the authority of the profile with elevated privileges.




Kevin Bucknum
Senior Programmer Analyst
MEDDATA/MEDTRON
Tel: 985-893-2550

-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Dan
Sent: Monday, September 10, 2018 7:54 PM
To: Midrange Systems Technical Discussion
Subject: Re: How to retrieve all user profiles in an IFS object's authority

Thanks Scott. Apparently, this happens often enough that the support people are tired of tracking this down and fixing it. Also, when the users are halted from continuing, it quickly becomes a human metrics issue.

If the application runs into the issue where a user doesn't have sufficient authority to remove others' authorities or to add *PUBLIC DTAAUT(*RWX) OBJAUT(*ALL), the application could capture that and send an email to support. I'm not sure how the users are set up authority-wise on production.

- Dan

On Mon, Sep 10, 2018 at 3:43 PM, Scott Klement <midrange-l@xxxxxxxxxxxxxxxx> wrote:

Dan,

Personally, I would catch the error, and then pop up a message telling the user to contact the administrator (or whomever is appropriate) for assistance. Someone familiar with authorities should be able to very easily look at the files and fix the authority problems.

If you really need to get a listing of all user authorities (which seems like a much more complicated solution) you could do so with the Qp0lGetAttr() API. You could loop through the responses and remove those authorities... but, to my mind, this seems like overkill.

And, of course, the user would need sufficient authority to remove the other users' authority (remember, adopted authority won't work here) which makes this even more complicated.

-SK

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related questions.

Help support midrange.com by shopping at amazon.com with our affiliate link: http://amzn.to/2dEadiD
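
Added example, not part of the thread or any poster's code: a CL sketch of the QSYGETPH/QWTSETP swap discussed above in which every failure path swaps back before control can return to the user. The profile name ELEVATED and the IFS path are hypothetical placeholders, the program is assumed to have *USE authority to ELEVATED (for example by running as *OWNER), and ending the job when the swap back fails is a design choice made here.

```cl
/* Added example. ELEVATED and the IFS path are placeholders.        */
PGM
  DCL VAR(&ORIGHDL) TYPE(*CHAR) LEN(12)
  DCL VAR(&ELEVHDL) TYPE(*CHAR) LEN(12)
  DCL VAR(&SWAPPED) TYPE(*LGL) VALUE('0')
  DCL VAR(&FAILED)  TYPE(*LGL) VALUE('0')

  /* Program-level monitor: any escape message not handled at the    */
  /* command level lands in ERROR, so no failure skips the swap back.*/
  MONMSG MSGID(CPF0000 MCH0000) EXEC(GOTO CMDLBL(ERROR))

  /* Get a handle for the current profile first, so there is always  */
  /* something to swap back to.                                      */
  CALL PGM(QSYGETPH) PARM('*CURRENT' '*NOPWD' &ORIGHDL)
  CALL PGM(QSYGETPH) PARM('ELEVATED' '*NOPWD' &ELEVHDL)
  CALL PGM(QWTSETP)  PARM(&ELEVHDL)
  CHGVAR VAR(&SWAPPED) VALUE('1')

  /* Only the work that needs the elevated profile goes here.        */
  CHGAUT OBJ('/example/dir/file.txt') USER(*PUBLIC) +
         DTAAUT(*RWX) OBJAUT(*ALL)
  GOTO CMDLBL(CLEANUP)

ERROR:
  CHGVAR VAR(&FAILED) VALUE('1')

CLEANUP:
  IF COND(&SWAPPED) THEN(DO)
    CALL PGM(QWTSETP) PARM(&ORIGHDL)
    /* If the swap back fails, end the job rather than leave it      */
    /* running under the elevated profile.                           */
    MONMSG MSGID(CPF0000 MCH0000) +
           EXEC(ENDJOB JOB(*) OPTION(*IMMED))
    CHGVAR VAR(&SWAPPED) VALUE('0')
  ENDDO

  /* Release both handles; a failure here changes nothing.           */
  CALL PGM(QSYRLSPH) PARM(&ELEVHDL)
  MONMSG MSGID(CPF0000 MCH0000)
  CALL PGM(QSYRLSPH) PARM(&ORIGHDL)
  MONMSG MSGID(CPF0000 MCH0000)

  /* Report the failure only after the job is back on its own        */
  /* profile.                                                        */
  IF COND(&FAILED) THEN(SNDPGMMSG MSGID(CPF9898) MSGF(QCPFMSG) +
       MSGDTA('Authority change failed') MSGTYPE(*ESCAPE))
ENDPGM
```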

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
