QNTC and Adopted Authority - IBM AS400

This is a discussion on QNTC and Adopted Authority - IBM AS400 ; Hi All, I need to access a file out on an QNTC share (which happens to be an integrated windows server) and I am running into an authority issue. I know you need to have the exact user id and ...

+ Reply to Thread
Results 1 to 5 of 5

Thread: QNTC and Adopted Authority

  1. QNTC and Adopted Authority

    Hi All,

    I need to access a file out on an QNTC share (which happens to be an
    integrated windows server) and I am running into an authority issue.
    I know you need to have the exact user id and password that your
    logged into the AS400 that is on the QNTC share. Sometimes this isn't
    possible so I am wondering if there is anyway to have the CL program
    that does the work adopt authority of a user that HAS it on the QNTC
    share. I know there is the usrprf option on the CRTxxPGM command and
    have tried setting it to *OWNER where the owner is but that doesn't
    seem to work in this case. the QNTC still seems to check the logged
    in user, not the program owner.

    I know I can submit a job under a user id that has access and it
    works, but I would like to try to use adopted authority if I can.

    Thanks!



  2. Re: QNTC and Adopted Authority

    spoliskey@hotmail.com wrote in news:07b705ef-b6c4-4980-bc70-
    cf513867a53e@f36g2000hsa.googlegroups.com:

    > Hi All,
    >
    > I need to access a file out on an QNTC share (which happens to be an
    > integrated windows server) and I am running into an authority issue.
    > I know you need to have the exact user id and password that your
    > logged into the AS400 that is on the QNTC share. Sometimes this isn't
    > possible so I am wondering if there is anyway to have the CL program
    > that does the work adopt authority of a user that HAS it on the QNTC
    > share. I know there is the usrprf option on the CRTxxPGM command and
    > have tried setting it to *OWNER where the owner is but that doesn't
    > seem to work in this case. the QNTC still seems to check the logged
    > in user, not the program owner.
    >
    > I know I can submit a job under a user id that has access and it
    > works, but I would like to try to use adopted authority if I can.
    >
    > Thanks!
    >
    >
    >


    api QSYGETPH

    for an example:
    http://www.itjungle.com/mpo/mpo071703-story02.html

    --
    Ad,

    What's The Use Of Getting Sober
    (When You're Gonna Get Drunk Again)

  3. Re: QNTC and Adopted Authority

    In an insanely stupid design decision, IBM has designed it such that all
    integrated file system commands and api's ignore adopted authority.
    You are screwed. You are going to have use the inherently risky user
    profile swapping API's

    wrote in message
    news:07b705ef-b6c4-4980-bc70-cf513867a53e@f36g2000hsa.googlegroups.com...
    > Hi All,
    >
    > I need to access a file out on an QNTC share (which happens to be an
    > integrated windows server) and I am running into an authority issue.
    > I know you need to have the exact user id and password that your
    > logged into the AS400 that is on the QNTC share. Sometimes this isn't
    > possible so I am wondering if there is anyway to have the CL program
    > that does the work adopt authority of a user that HAS it on the QNTC
    > share. I know there is the usrprf option on the CRTxxPGM command and
    > have tried setting it to *OWNER where the owner is but that doesn't
    > seem to work in this case. the QNTC still seems to check the logged
    > in user, not the program owner.
    >
    > I know I can submit a job under a user id that has access and it
    > works, but I would like to try to use adopted authority if I can.
    >
    > Thanks!
    >
    >




  4. Re: QNTC and Adopted Authority

    In your case adoption won't help even if the integrated file system
    supported it. Checking of permissions happens on the server side for the
    user connecting to the server. So in your case, the integrated windows
    server is checking permissions for the connected user. QNTC is just
    reporting what the server returned. The only way to be able to access the
    objects is for the current user profile of the job be the correct user that
    has the permissions on the server.

    --
    Margaret Fenlon
    Integrated File System and Servers - IBM i
    mfenlon@us.eye-bee-m.com (spam trick)
    (opinions stated are not necessarily those of my employer)


    wrote in message
    news:07b705ef-b6c4-4980-bc70-cf513867a53e@f36g2000hsa.googlegroups.com...
    > Hi All,
    >
    > I need to access a file out on an QNTC share (which happens to be an
    > integrated windows server) and I am running into an authority issue.
    > I know you need to have the exact user id and password that your
    > logged into the AS400 that is on the QNTC share. Sometimes this isn't
    > possible so I am wondering if there is anyway to have the CL program
    > that does the work adopt authority of a user that HAS it on the QNTC
    > share. I know there is the usrprf option on the CRTxxPGM command and
    > have tried setting it to *OWNER where the owner is but that doesn't
    > seem to work in this case. the QNTC still seems to check the logged
    > in user, not the program owner.
    >
    > I know I can submit a job under a user id that has access and it
    > works, but I would like to try to use adopted authority if I can.
    >
    > Thanks!
    >
    >




  5. Re: QNTC and Adopted Authority

    As a follow-up to my previous statement.
    In order to access the share through QNTC on the server, the client must
    authenticate to the server. It only does that for the current user profile
    for the job, since QNTC must send user information (in your case userid and
    encrypted password) to the server. Program adoption is never considered for
    that.

    So again, even if the integrated file system did support program adoption,
    it would not help you to authenticate to the server.

    --
    Margaret Fenlon
    Integrated File System and Servers - IBM i
    mfenlon@us.eye-bee-m.com (spam trick)
    (opinions stated are not necessarily those of my employer)


    "Margaret Fenlon" wrote in message
    news:4876464c$1@kcnews01...
    > In your case adoption won't help even if the integrated file system
    > supported it. Checking of permissions happens on the server side for the
    > user connecting to the server. So in your case, the integrated windows
    > server is checking permissions for the connected user. QNTC is just
    > reporting what the server returned. The only way to be able to access the
    > objects is for the current user profile of the job be the correct user
    > that has the permissions on the server.
    >
    > --
    > Margaret Fenlon
    > Integrated File System and Servers - IBM i
    > mfenlon@us.eye-bee-m.com (spam trick)
    > (opinions stated are not necessarily those of my employer)
    >
    >
    > wrote in message
    > news:07b705ef-b6c4-4980-bc70-cf513867a53e@f36g2000hsa.googlegroups.com...
    >> Hi All,
    >>
    >> I need to access a file out on an QNTC share (which happens to be an
    >> integrated windows server) and I am running into an authority issue.
    >> I know you need to have the exact user id and password that your
    >> logged into the AS400 that is on the QNTC share. Sometimes this isn't
    >> possible so I am wondering if there is anyway to have the CL program
    >> that does the work adopt authority of a user that HAS it on the QNTC
    >> share. I know there is the usrprf option on the CRTxxPGM command and
    >> have tried setting it to *OWNER where the owner is but that doesn't
    >> seem to work in this case. the QNTC still seems to check the logged
    >> in user, not the program owner.
    >>
    >> I know I can submit a job under a user id that has access and it
    >> works, but I would like to try to use adopted authority if I can.
    >>
    >> Thanks!
    >>
    >>

    >
    >




+ Reply to Thread