comp.sys.ibm.as400.misc - IBM AS/400 miscellaneous topics.
All, We had a small authorization problem with a user who ran a program, which uses dynamic SQL (Prepare statement) under adopted authority. An error message (SQL0551) appeared saying there wasn't enough authorization. To solve this problem I found out that the "Dynamic user profile" parameter (DYNUSRPRF) in the CRTSQLRPGI command, should be set to *OWNER in stead of the default *USER. In this case dynamic SQL statements are run under the profile of the program's owner. Since our whole system runs under adopted authority, we're thinking about compiling all our SQL-programs with DYNUSRPRF(*OWNER) Also the ones which only use static SQL. Is there anyone who can tell me if this can cause problems? Thanks in advance
Hi everyone, We're having problems getting newly created objects to have the correct permissions. The approach we use has been in use for over 10 years and is supposed to handle newly created objects. However when we really looked at it recently it just did not seem to be working. Here's what we've been doing. We use group profiles and referenced objects to give *ALL authority to members of the group that needs to use our software. Existing objects are getting the correct authorities with: *GROUP FAC01 *ALL while newly created objects do not have any reference to the group. Here is the command to create the referenced object: GRTOBJAUT OBJ(R6TDT/MF.MFTBL) OBJTYPE(*FILE) USER(FAC01)AUT(*ALL) Here are the authorities for the reference object. Object User Group Authority DINA *ALL *GROUP FAC01 *ALL *PUBLIC *USE We then execute the following command: GRTOBJAUT OBJ(R6TDT/*ALL) OBJTYPE(*FILE) REFOBJ(R6TDT/MF.MFTBL) Following are the authorities for a file that existed when the above command executed DSPOBJAUT OBJ(R6TDT/MF01.TBL) OBJTYPE(*FILE) Object User Group Authority DINA *ALL *GROUP FAC01 *ALL *PUBLIC *USE On the other hand authorities for a newly created file by user in FAC01 group DO NOT refer to the group and *PUBLIC has been changed from *USE to *CHANGE Object User Group Authority MAGNAL *ALL *PUBLIC *CHANGE What do we need to do to get newly created objects to use the reference object for it's authorities? Thanks Elliot
I have just created a library with QSECOFR named let's say MYLIB Edited MYLIB authorities with EDTOBJAUT and added NEWUSER with *USE authority. *PUBLIC authority is set to*CHANGE Then created a couple of files with QSECOFR. Now, NEWUSER, is able to add or modify records of any file in MYLIB with for instance , DFU! , but is not able to change CHGPF FILE(MYLIB/MYFILE) MAXMBRS(*NOMAX) which for me is is OK I intended that NEWUSER, could only read files on MYLIB by setting the library MYLYB with NEWUSER *USE authority. NEWUSER does not belong to any group nor has *ALLOBJ nor MYLIB is protected by any athoritation list. Am I missing something ? Thanks in advance.
All, I'm wondering if it's possible two calculate the difference between two dates, excluding weekends, in a Query Thanx