Swapping group profile

I found a way to swap groups, but when I release the profile handle the group authority "sticks" until I sign off. I haven't spent enough time researching this, but it is interesting if my test is valid. What I did was retreive my group profile, change my group profile to the one I wanted to adopt, get a handle to my profile, swap, change my profile back, test my authority (it works), release the profile handle, (surprise it still works). When I sign off and back on my authority is restored. Shouldn't releasing the profile restore the authority? David Morris

Swapping group profile

David, I don't think so because you never really release the profile... you just release the profile handle. (And as near as I can tell, releasing a profile handle simply makes it un-usable... which happens anyway when the job ends.) In order to return to your original authority, I believe that you'll have to reverse the process and swap yourself back to yourself (with your original group profile). HTH jte MC Security Editor

Swapping group profile

Hi David, In order to make it work you should retrieve your current profile handle prior to the changes you make, then retrieve the handle of the changed profile. Next set the new profile handle and do whatever you need to do with your temporary group profile authority. Finally set the original profile handle, release the new profile handle and then also release the original profile handle. The OS/400 API Appendixes V4R3, appendix A.19 has some more information about the use of profile handles. Wayne O. Evans published a SETGRPPRF command in the May 1994 issue of MC - the article describing the command has some interesting details about the implementation of the scheme you're working on. Best regards, Carsten Flensburg

Swapping group profile

David, If you are using a V4R5 system you may want to look at the qsysetgid() - Set Group ID API. This API allows you to change just the group profile of your thread/job. Documentation can be found at: http://publib.boulder.ibm.com/pubs/h...info/index.htm If you want to change just the user profile but not the group then you can use the qsysetuid() - Set User ID API. There are restrictions on what user profiles and group profiles can be set with these API so be sure to read their documented Error Restrictions. Ed Fishel

Swapping group profile

Thanks Guys, At least it sounds like I am on the right track. The plan is to register an exit program that will swap back. Other than propogating authority in cases where adoption is lost, what other holes have I opened? I should have that magazine in my office. I did look at the new API which would work better because I it appears to be more light weight but this has to work on a V4R4 system for a short while. David Morris

Swapping group profile

Carsten, Wish had seen that before, could have been in bed a lot earlier. Wayne's code is very similar to what I came up with. I didn't see where Wayne revokes authority to the group profile which seems odd. Thanks, David Morris