Tweet
There was a pretty good article about IFS authority in "the other magazine" in March 2000 (article ID 6155 at as400network.com). There was also a followup in the Letters column in the June 2000 issue (ID 7391) regarding group authority. Even with those articles, though, there's things I don't understand and we still had a problem I couldn't explain thru reference to them....
-
-
IFS Authority
Ken, I've also noticed that from a green screen, the IFS authority is based on the current user profile for the AS/400 job. But if you try to open a document from the IFS with WINWORD or EXCEL, the authority is based on the "connected" profile. That's the profile you login with before you ever seen the green screen signon. So, for my purposes, I need to launch a word document from a green screen and now I have to possibly deal with the authority for TWO profiles, not just one. I had to set up sort of a pseudo-adopted authority where the interactive job submits a job to batch that runs under a profile that copies the document to an IFS folder and makes the interactive user the document owner. The interactive job waits until the batch job finishes before continuing. Then I can launch the document, let the user edit the document and move the document back to the original folder. Oh, and by the way, when you click on "SAVE" in word, excel, etc, the connected user becomes the document owner. So, if the green screen user is not the owner of the document when it is first opened, you'll get a "disk is write protected" error. Why? *PUBLIC cannot do a CHGOWN (see previous post). And so you may ask, why don't you just give the interactive user *ALL authorities to the PC document? Because some applications literally blow the document away and create a new one when you click on "SAVE" and so authorities are inherited from the folder definition and the previous document authorities are lost. Too bad I couldn't just about how the IFS authority really works, I had to experience it instead. Chris -
IFS Authority
Hi Everyone, I must admit, I've had a difficult time finding resources that explain fully how the IFS (integrated file system) security works. And I own two fairly recent AS/400 books on security but they hardly mention the issue and I've searched the net using the popular search engines. Here are some examples that I had to learn through trial and error: Even if *PUBLIC has *OBJEXIST, the public cannot change the object owner. Even if *PUBLIC has *OBJMGT, the public cannot change security to the object. Anyway, my question is this: for a PC document (not a program or a directory), what is the difference between specifying *R (Read) and *RX (Read, eXecute)? Thanks. ChrisComment
Comment