Jorge,
Which server are you running your IMPERSONAT program from and what CPF
error are you encountering?
I've had a wee bit of experience with profile switching so if you feel
comfortable sending me a pseudo-code of the steps you are taking in the
server and IMPERSONAT I may be able to help.
Gary Monnier
-----Original Message-----
From: rpg400-l-bounces@xxxxxxxxxxxx
[mailto:rpg400-l-bounces@xxxxxxxxxxxx] On Behalf Of Jorge Merino
Sent: Monday, July 11, 2011 3:29 PM
To: RPG programming on the IBM i / System i
Subject: Spool files under original User even after QWTSETP was issues
toSwap a User Profile.
Hi!
I just created a program to do "impersonation" and execute a give
command, that is a small program that basically will swap the user id
and execute a given command.
The program uses the following APIs in the following order:
ori_user_ph = QSYGETPH(*current)
New_user_PH = QSYGETPH(New_user)
QWTSETP(New_user_PH)
QWTSJUID( set )
--Command Execution--
QWTSETP( ori_user_ph )
QWTSJUID( clear )
QSYRLSPH( new_user_ph )
QSYRLSPH( ori_user_ph )
The program gets compiled with a regular PGMR non-*ALLOBJ user. Let's
say that my program is called IMPERSONAT.
After compilation, I have a *SECADM level user to change the program as:
CHGPGM PGM(MYLIB/IMPERSONAT) USRPRF(*OWNER) USEADPAUT(*NO)
CHGOBJOWN OBJ(MYLIB/IMPERSONAT) OBJTYPE(*PGM) NEWOWN(SECADM)
I execute the program in a regular interactive Job and it works great.
It creates some spool files under the new user, so far so good. These
are some job attributes:
Subsystem . . . . . . . . . . . . . . . . . : QINTER
Subsystem pool ID . . . . . . . . . . . . : 2
Type of job . . . . . . . . . . . . . . . . : INTER
Special environment . . . . . . . . . . . . : *NONE
However, this program must be called from a existing server job running
under QPGMR, so I call the new program exactly as I called the program
interactively, and here is the problem: the spool files are still shown
under QPGMR rather than the new user.
Subsystem . . . . . . . . . . . . . . . . . : RNSFIN2
Subsystem pool ID . . . . . . . . . . . . : 1
Type of job . . . . . . . . . . . . . . . . : BATCH
Special environment . . . . . . . . . . . . : *NONE
I'm receiving the Error DS from QWTSETP (and any API involved) in order
to know if there is errors, I even logging every error returned from any
API into the job log but no errors are returned; I'm even doing SBMJOB
CMD(CALL IMPERSONAT) from the server job rather than a regular CALL ,
notice that I'm not using the USER() parameter on SBMJOB but the program
gets executed under the new User even using its Job Description.
The first version of my program was using the Service Program APIs
equivalent, but I changed them to use API OPMs just in case. I also
added QWTSJUID to change the Job User Identity for the Job, just after
QWTSETP (for both to set and to clear).
How can I force the server job to generate the new spool files under the
user just after QWTSETP happened?
Any Ideas, suggestions?
Thanks.
Jorge Merino
~jmerinoh~
http://nuvek.com/
http://vektr.com/
As an Amazon Associate we earn from qualifying purchases.