Hi, Kirk

I'm not sure this is what you want to do, but it might give you some ideas.

In one of our customers, users are also authorized to *SPLCTL, etc, but they want to make sure some of the OUTQ's can only be managed by some specific users...

The way they worked until now was: everybody can use (thru a Menu option, since they have Limited capabilities...) the WRKOUTQ command. Normally they call it without any parms in it, so WRKOUTQ *ALL is executed. From there, users select a given OUTQ, select (Option 5? I don't remember by heart) and it gives them that specific OUTQ's files that belong to them for them to manage. That's how they were working until now.

But even though a user may have some listings in a certain OUTQ, they asked me to "prevent" users (except for some specific users...) from accessing some specific OUTQ's.

Obviously, what follows only prevents them from accessing WRKOUTQ XXXX, and would not prevent them if doing WRKSPLF ... but since they only access their listings thru WRKOUTQ ... this was good enough. And they did NOT want to change the way they're working ...

Source code follows these comments.

I created a file VALOUTQ where they enter specific users allowed to manage specific OUTQs. Then a small CL program "CHECKER". I changed IBM's WRKOUTQ command (CHGCMD) to use this CHECKER program as "Command Validating Program"... since the original has *NONE. I know this is NOT recommended, but you could create your own "clone" and have it "before" IBM's one in the Library List...

Anyway, when calling WRKOUTQ
- if it is a WRKOUTQ *ALL, then it does nothing, so everything works as normal
- if it is a WRKOUTQ OutQname ... the CL CHECKER program will call the RPG program, that checks if that OUTQ is one of the restricted ones, and if so, then checks if the user is allowed to it.

Depending on the answer, the CL CHECKER program returns (without doing anything) to its caller (the Command WRKOUTQ OutQname) or rejects it, sending a DIAG message followed by an ESCAPE message which will be handled automatically by the WRKOUTQ command, so the user gets a "standard" answer in his display...

Of course, RPG code is very limited for the testing, but you could elaborate more on it.

Hope this helps,
Antonio

---------------------------------------------------------------------------
     A* Physical file VALOUTQ: users allowed to manage specific OUTQs
     A                                      UNIQUE
     A          R RVALOUTQ
     A            OUTQ          10
     A            LIB           10
     A            USER          10
     A            AUT            1
     A          K OUTQ
     A          K LIB
     A          K USER
---------------------------------------------------------------------------
/* CL program CHECKER: validity checking program for WRKOUTQ */
PGM        (&P1 &OUTQLIB &P3)
DCL        &P1      *CHAR  1
DCL        &OUTQLIB *CHAR 20
DCL        &P3      *CHAR  1
DCL        &ALL     *CHAR 20 VALUE('*ALL')
DCL        &OUTQ    *CHAR 10
DCL        &LIB     *CHAR 10
DCL        &RC      *CHAR  1

/* WRKOUTQ *ALL is not checked */
IF         (&OUTQLIB *NE &ALL) THEN(DO)
   CALL       CHECKER10 (&OUTQLIB &RC)
   /* Anything other than '1' means not authorized: reject the command */
   IF         (&RC *NE '1') THEN(DO)
      CHGVAR     &OUTQ %SST(&OUTQLIB 1 10)
      CHGVAR     &LIB  %SST(&OUTQLIB 11 10)
      SNDPGMMSG  MSGID(CPD0006) MSGF(QCPFMSG) MSGTYPE(*DIAG) +
                   MSGDTA('0000 NOT AUTHORIZED to OutQ' *BCAT +
                   &OUTQ *BCAT 'in Library' *BCAT &LIB)
      SNDPGMMSG  MSGID(CPF0002) MSGF(QCPFMSG) MSGTYPE(*ESCAPE)
   ENDDO
ENDDO
ENDPGM
---------------------------------------------------------------------------
      * RPG program CHECKER10, called by CHECKER
     FVALOUTQ IF  E           K        DISK
      ****************************************************
     IQL          DS
     I                                        1  10 OUTQ
     I                                       11  20 LIB
      *
     I           SDS
     I                                      254 263 USER
      * Sample "restricted Queues" for testing purposes
     I              'PRTPC105  QUSRSYS   'C         KP5A
     I              'PRTPC105  *LIBL     'C         KP5B
      ****************************************************
     C           KEY       KLIST
     C                     KFLD           OUTQ
     C                     KFLD           LIB
     C                     KFLD           USER
      *
     C           *ENTRY    PLIST
     C                     PARM           QL     20
     C                     PARM           AUT     1
      * Assume authorized...
     C                     MOVE '1'       AUT
      * Check if restricted OUTQ
     C           QL        IFEQ KP5A
     C           QL        OREQ KP5B
     C                     MOVE ' '       AUT
      * CHAIN will return specific ReturnCode ...
      * (record found: AUT is loaded from the file; not found: AUT stays blank)
     C           KEY       CHAINRVALOUTQ             18
     C                     ENDIF
      *
     C                     SETON                     LR
     C                     RETRN
---------------------------------------------------------------------------

KirkG@PacInfoSys.com wrote:
>
> I have a client that somewhere in the past has given the majority of
> the users *SPLCTL authority so they can control their own
> outqs/writers etc. Now they have a new app that they want to secure
> the output to only 6 or so users. From what I can read *SPLCTL trumps
> most if not all security placed on the outq.
>
> The 1st step appears to remove *SPLCTL and to change *PUBLIC to
> *EXCLUDE but then what is the best way to allow users to control
> selected outqs?
>
> Grant each user specific authority to the outq, AuthorityList? ??
>
> ---------------------------------
> Kirk Goins
> IBM Certified AS/400 Technical Solutions
> DataMirror High Availability Certified
> Pacific Information Systems - An IBM Premier Business Partner
> 503-674-2985 kirkg@pacinfosys.com
> "WE KNOW TECHNOLOGY"
> ---------------------------------

--
-------------------------
Antonio Fernandez-Vicenti
afvaiv@wanadoo.es

+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---
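
The object-authority route raised in the quoted question (remove *SPLCTL, set *PUBLIC to *EXCLUDE, use an authorization list), written out as an added example that is not part of the original thread. It also covers the WRKSPLF path that the validity checker above does not. The names APPLIB/APPOUTQ, APPOUTQAL, USERA, USERB and USERC are hypothetical placeholders.

```cl
/* Added example, not from the original thread.                        */
/* Hypothetical names: APPLIB/APPOUTQ, APPOUTQAL, USERA, USERB, USERC. */
PGM

/* 1. Authorization list for the queue; *PUBLIC on the list is         */
/*    *EXCLUDE.                                                        */
CRTAUTL    AUTL(APPOUTQAL) AUT(*EXCLUDE) +
             TEXT('Users allowed to manage APPLIB/APPOUTQ')

/* 2. Add only the users who may manage the application output.        */
/*    *CHANGE carries the read, add and delete data authorities.       */
ADDAUTLE   AUTL(APPOUTQAL) USER(USERA) AUT(*CHANGE)
ADDAUTLE   AUTL(APPOUTQAL) USER(USERB) AUT(*CHANGE)

/* 3. Secure the output queue with the list, then take the public      */
/*    authority from the list as well (two commands are needed).       */
GRTOBJAUT  OBJ(APPLIB/APPOUTQ) OBJTYPE(*OUTQ) AUTL(APPOUTQAL)
GRTOBJAUT  OBJ(APPLIB/APPOUTQ) OBJTYPE(*OUTQ) USER(*PUBLIC) +
             AUT(*AUTL)

/* 4. Queue attributes:                                                */
/*    DSPDTA(*NO)     authority to the queue alone does not allow      */
/*                    viewing other users' spooled files               */
/*    OPRCTL(*NO)     *JOBCTL alone does not give control of the queue */
/*    AUTCHK(*DTAAUT) read, add and delete authority to the queue      */
/*                    gives control of all spooled files on it         */
CHGOUTQ    OUTQ(APPLIB/APPOUTQ) DSPDTA(*NO) OPRCTL(*NO) +
             AUTCHK(*DTAAUT)

/* 5. Take *SPLCTL away from a profile that should not have it.        */
/*    SPCAUT replaces the whole list, so name every special authority  */
/*    the user must keep; *NONE is assumed for this user.              */
CHGUSRPRF  USRPRF(USERC) SPCAUT(*NONE)

/* 6. Print the resulting authorities for review.                      */
DSPOBJAUT  OBJ(APPLIB/APPOUTQ) OBJTYPE(*OUTQ) OUTPUT(*PRINT)

ENDPGM
```

Step 5 is what makes steps 1 to 4 effective: a profile that still holds *SPLCTL is not limited by the authorities on the output queue.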