On the space management issue, we set max space limits on home directories. If 
the user's home directory is full they don't get the file they want. 

If you have auditing concerns with this process (we don't), you could have your 
server group set up a special folder in everyone's home directory and only give 
access to this folder to this special user. Your end user would be responsible 
to move the file out of this special folder. A lot more work for your server 
group but if they have a good script writer they could set up a script to 
create new users that autocreates this folder and sets rights. We do that here 
with a small VB app. I would think that if you used every security tool 
available, like restricting the special account to just the IP address of your 
iSeries, the auditors would be happy. With our procedures we do want the 
account to have read access in order to do the upload processing we do. 

We handle file names differently depending on the need. Most processes we just 
have a set name that we use all the time and it overwrites the previous file 
(if you only have write access this will not work). If the end user wants to 
keep history it's their responsibility to rename or move the file. Most of our 
downloads need to be the most recent data and any old files are worthless. For 
ones where we do want to keep history we name the file with a unique name, 
usually with date/time added, sometimes with a class code (I work at a college) 
or semester, or just month/year. 

The FTP process does need a hardcoded password but you could put this in a 
dataarea that the RPG uses for the logon script command and only give access to 
the dataarea to high level security staff or even your server staff who already 
have access to server passwords and let them manage the password.

I thought QNTC needed to logon? Doesn't the logon require that the userid and 
password on the iSeries for the user running the command match a userid and 
password on the server you're connecting to? The password is not in clear text 
like in the FTP example but it is still used.

I just had another idea. If you want you should be able to encrypt the password 
in the dataarea and the RPG could decrypt the password when it built the FTP 
script. Then the password is only in clear text for the time the script file in 
QTEMP exists.

EDeLong@xxxxxxxxxxxxxxx 7/3/2006 7:13:31 PM >>>

Hi Mike,

We have a similar configuration for user home directories, and with some 
alterations to your process, this could work for us...  Here's how it would 
work..

Common service profile exists in both Windows domain and iSeries.  This profile 
would need to be limited to write access to the /home root, to appease the 
auditors that this profile could not be used to read any of the users' home 
directories.  The data gets pushed to the user's network home, then sends an 
email with a link to the target object.  

Two concerns; first, how to expire and purge these distributions so that the 
file server does not run out of space and crash, and second, if the common 
service profile has only write access, how do we determine if the file name 
already exists....  I suppose we could name the file with an embedded date/time 
value so that we'd never (??) have dups....

FTP raises concerns regarding hardcoded passwords, so I'd probably stick with 
QNTC (despite its problems) since it requires no login.

Eric DeLong
Sally Beauty Company
MIS-Project Manager (BSG)
940-297-2863 or ext. 1863



-----Original Message-----
From: rpg400-l-bounces@xxxxxxxxxxxx
[mailto:rpg400-l-bounces@xxxxxxxxxxxx]On Behalf Of Mike Cunningham
Sent: Monday, July 03, 2006 3:19 PM
To: RPG programming on the AS400 / iSeries; DeLong, Eric
Subject: RE: Getting a file to excel


We do create a unique directory for each user on our PC file servers. All the 
folders are on the same server and have the same name as the network userid. So 
mary is in server\\vol:home\mary and john is server\\vol:home\john. In a 
database file that we maintain for each iSeries we have there is a field that 
contains the user's network userid. For ½ the users the network userid is the 
same as the iSeries userid. To do file transfers both ways we use plain old 
FTP. We have a special account on the network server that has access to all 
users' "home" folders. This special account will only accept a logon from the IP 
address of the iSeries for some added security. When a user runs any of our 
applications that can create a PC file (.csv, .rtf, .txt, .vcs, etc) we create 
the file in QTEMP and then FTP it to the user's network home folder. We have an 
RPG utility we wrote that creates the necessary FTP script commands to move the 
file to the correct home folder and all apps call this utility to do the 
download via FTP. Back a few years we had to deal with three different servers 
that had user home folders and so also had to maintain the name of the server 
for each user but the concept was the same. We also use this to move data to 
the iSeries. The user puts the file they want to upload in their home folder 
and our RPG runs the FTP utility to get the file and either put it in QTEMP to 
process or add as members to a database file if we want to keep a history of 
what has been uploaded. I have been wanting to change FTP to use QNTC for 
some time now but since the FTP way has been working for years that always goes 
on the back burner. I like this method because there are no files to clean up in 
the IFS, the users' network storage limits make them keep their home folder 
cleaned up.

EDeLong@xxxxxxxxxxxxxxx 7/3/2006 2:47:14 PM >>>
Could do that in the IFS, but the authority would be applied via os400 user 
profile, while their Windows domain profile/password may be different.  They 
could look in that folder, but they wouldn't see anything.  If I could instruct 
Windows to prompt for login, then I'd be fine.....

So far, the only solution that makes sense to me is a cgi app that prompts the 
user for their AS400 credentials, validates the creds, then gives them a list 
of files that were registered to their profile.  On the application side, we 
would have a registration api that acquires the output (DBF, stmf, splf, ...) 
and stores it to a repository.  Seems simple enough.....  

Eric DeLong
Sally Beauty Company
MIS-Project Manager (BSG)
940-297-2863 or ext. 1863



-----Original Message-----
From: rpg400-l-bounces@xxxxxxxxxxxx
[mailto:rpg400-l-bounces@xxxxxxxxxxxx]On Behalf Of Holden Tommy
Sent: Monday, July 03, 2006 12:33 PM
To: RPG programming on the AS400 / iSeries
Subject: RE: Getting a file to excel


How about using a single directory but using the CHGAUT command to allow
only the creating user access to the document?? 


Thanks,
Tommy Holden


-----Original Message-----
From: rpg400-l-bounces@xxxxxxxxxxxx
[mailto:rpg400-l-bounces@xxxxxxxxxxxx] On Behalf Of DeLong, Eric
Sent: Monday, July 03, 2006 12:11 PM
To: RPG programming on the AS400 / iSeries
Subject: RE: Getting a file to excel

Yes, we have a default user for our file transfer utility that uses
QNTC, but in this case, mapping to end-user folder destinations would
need to be defined for hundreds of users.  We're concerned that each
user's output should be secured from access by all other users,
requiring a unique destination for each user.  We *could* go this way,
but network support group does not want to manage this....  

Eric DeLong
Sally Beauty Company
MIS-Project Manager (BSG)
940-297-2863 or ext. 1863



-----Original Message-----
From: rpg400-l-bounces@xxxxxxxxxxxx
[mailto:rpg400-l-bounces@xxxxxxxxxxxx]On Behalf Of Scott Johnson
Sent: Friday, June 30, 2006 4:03 PM
To: RPG programming on the AS400 / iSeries
Subject: Re: Getting a file to excel


What I did here to get around user access issues is create a userid that
exists on both the AS400 side and the PC server side.  On the AS400, the
job that creates the spreadsheet is run using this userid.  It writes the
spreadsheet to a folder on a pc server using the QNTC in the IFS.  I just
have to tell the network admin that this user needs access to that folder.

-- Scott J.

DeLong, Eric wrote:
One of the problems we have with that is that not all iSeries users keep
their Windows and iSeries profiles in sync. SSO is not an option, and I was
told NO to creating a web app to serve as a file/report broker. I could
solve this easily if I had some way to force a "login as user...." dialog
whenever the user tried to access the IFS, but I can't see any way to do
this.....

Eric DeLong
Sally Beauty Company
MIS-Project Manager (BSG)
940-297-2863 or ext. 1863
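
Added example (not part of any message in this thread, and not the posters' RPG utility): a Python sketch of the idea raised above that the FTP password should be in clear text only while the generated script file exists. The host, account and file names are constructed, the script layout is that of a generic command-line FTP client, and the `get_password` and `runner` callables are assumptions standing in for the data-area decrypt step and the FTP client call.

```python
import os
import tempfile


def run_with_transient_ftp_script(host, user, get_password, local_file,
                                  remote_name, runner):
    """Build an FTP script, hand it to runner, and always delete it afterwards.

    get_password -- hypothetical callable returning the cleartext password
                    (stands in for decrypting the stored value).
    runner       -- hypothetical callable(script_path) that invokes the FTP
                    client and returns its result.
    """
    password = get_password()
    # A line break in any field would inject extra commands into the script.
    for field in (host, user, password, local_file, remote_name):
        if "\r" in field or "\n" in field:
            raise ValueError("line break in FTP script field")

    # mkstemp creates a uniquely named file readable and writable only by
    # the owner (mode 0600 on POSIX), so other users cannot read the password.
    fd, path = tempfile.mkstemp(prefix="ftp_", suffix=".scr")
    try:
        with os.fdopen(fd, "w") as script:
            script.write(f"open {host}\n"
                         f"user {user} {password}\n"
                         "binary\n"
                         f"put {local_file} {remote_name}\n"
                         "quit\n")
        return runner(path)
    finally:
        # Runs on success and on failure, so the cleartext copy never
        # outlives the transfer attempt.
        os.unlink(path)


if __name__ == "__main__":
    # Constructed values; this runner only reports the script path.
    def show(path):
        print("FTP client would read", path)
        return 0

    run_with_transient_ftp_script("fileserver.example", "svc_xfer",
                                  lambda: "constructed-password",
                                  "/tmp/report.csv", "report.csv", show)
```
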

