Re: [SUSPECTED SPAM] Use of adopted profiles -- MIDRANGE-L

× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.

The first thing to understand is the difference between "User profile" and
"Use adopted authority". The former is for that program. The latter says
use to continue to use the adopted authority of programs earlier in the
stack.

I would use an authority list and not a group profile. The reason being
is it becomes much easier to granularize security. For example:

ERPAUTL
*PUBLIC *EXCLUDE
PGMADOPT *ALL
QRYMAVEN *USE

In general this would say that *public could not access the data unless
they were using programs using adopted authority of PGMADOPT. And if you
have that person who is your local query maven they could read the data.
We have a guy from "corporate" who wanted to be assured that he could not
change the data but could read it and we use this.

For the love of God do not make PGMADOPT a group profile and put people
into that. If you do then they can modify the data from any ODBC program,
etc.

Oh, and the IFS doesn't give a rats posterior about adopted authority and
you have to use profile switching api's for that.

Rob Berendt

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.