|
If the authority list is over the payroll lib (and other libs), what is the auth for the individual file objects in payroll lib? May be able to construct a solution with group profiles. jim ----- Original Message ----- From: "Hatzenbeler, Tim" <thatzenbeler@clinitech.net> To: <midrange-l@midrange.com> Sent: Friday, April 12, 2002 6:33 PM Subject: RE: Exit Point Question/profile switching... > This message is in MIME format. Since your mail reader does not understand > this format, some or all of this message may not be legible. > -- > [ Picked text/plain from multipart/alternative ] > The problems stems from this, We use an accouting/purchasing/financial > package supported by a vendor, and they only use one authority list for > every user of the package, and that authority list is used for all libraries > of their application... So a person in purchasing has the same authority as > some one in payroll, when it comes to object authority, the authority is all > handled in the application, but as we all know, when we use an odbc driver > we are outside of that authority checking... Changing the authority list > within the application is out, because all the systems tie together... So I > was looking at solving the problem a different way... And that is, if your > making a request via odbc, ftp, ddm... change the profile to a profile that > does not have a the libraries we would like to keep out of excel or crystal > reports. > > But as for your response... I do see your point and agree with it... > > tim > > > -----Original Message----- > > From: Evan Harris [SMTP:spanner@ihug.co.nz] > > Sent: Friday, April 12, 2002 3:26 PM > > To: midrange-l@midrange.com > > Subject: RE: Exit Point Question/profile switching... > > > > Tim > > > > before you start working on exits etc is there a reason why you just can't > > have access to payroll libraries set as *PUBLIC *EXCLUDE and ensure that > > your ODBC profile is not one of the authorised profiles ? > > > > Your method seems backwards to me - generally I think that additional > > access should be should be granted rather than granting authority to all > > and then using some other method to revoke and deny access. > > > > To further explain, it seems to me like giving everyone the combination to > > a safe and then having a guard compare names to a list of those allowed to > > use the combination. It would make more sense to not give people the > > combination in the first place..... > > > > Sorry this doesn't exactly address your question, but if I had to do this > > I > > wuld probably revisit my base security set up - I avoid complex security > > wherever possible if only because it is too hard to demonstrate to > > auditors.... > > > > Regards > > Evan Harris > > > > >This message is in MIME format. Since your mail reader does not > > understand > > >this format, some or all of this message may not be legible. > > >-- > > >[ Picked text/plain from multipart/alternative ] > > >I didn't want to scan through a possible 32k sql string looking for > > >libraries I didn't want to allow, so I figured switching the authority > > would > > >be better and faster.... And more secure... > > > > > >tim > > > > > > > -----Original Message----- > > > > From: Dr Syd Nicholson [SMTP:sydnic@ccs400.com] > > > > Sent: Friday, April 12, 2002 4:11 PM > > > > To: midrange-l@midrange.com > > > > Subject: Re: Exit Point Question/profile switching... > > > > > > > > Instead of trying to switch user profiles, perhaps you could use the > > > > exit point to restrict access to the appropriate libraries. This would > > > > be easier I think. > > > > > > > > Syd Nicholson > > > > > > > > > > > > Hatzenbeler, Tim wrote: > > > > > > > > >This message is in MIME format. Since your mail reader does not > > > > understand > > > > >this format, some or all of this message may not be legible. > > > > >-- > > > > >[ Picked text/plain from multipart/alternative ] > > > > > Is this possible and if so is there a simple CL command to do > > it? > > > > >I would like to add a exit point program to QIBM_QZDA_INIT to switch > > the > > > > >userprofile to a less powerful profile (for users not found in a > > control > > > > >table). What command would I use? And if so, would the profile > > switch > > > > >exist when they make the QIBM_QZDA_SQL1 call, or would I need to > > switch > > > > the > > > > >profile here also? > > > > >Or am I doing this all wrong? > > > > >My goal is this, to create a user profile that excludes our payroll > > > > library, > > > > >and give the odbc requests this profile... > > > > >Thanks, tim > > > > > > _______________________________________________ > > This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing > > list > > To post a message email: MIDRANGE-L@midrange.com > > To subscribe, unsubscribe, or change list options, > > visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l > > or email: MIDRANGE-L-request@midrange.com > > Before posting, please take a moment to review the archives > > at http://archive.midrange.com/midrange-l. > _______________________________________________ > This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list > To post a message email: MIDRANGE-L@midrange.com > To subscribe, unsubscribe, or change list options, > visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l > or email: MIDRANGE-L-request@midrange.com > Before posting, please take a moment to review the archives > at http://archive.midrange.com/midrange-l. > >
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
