Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

QNTC and Adopted Authority

125 views
Skip to first unread message

spol...@hotmail.com

unread,
Jul 8, 2008, 10:53:53 AM7/8/08
to
Hi All,

I need to access a file out on an QNTC share (which happens to be an
integrated windows server) and I am running into an authority issue.
I know you need to have the exact user id and password that your
logged into the AS400 that is on the QNTC share. Sometimes this isn't
possible so I am wondering if there is anyway to have the CL program
that does the work adopt authority of a user that HAS it on the QNTC
share. I know there is the usrprf option on the CRTxxPGM command and
have tried setting it to *OWNER where the owner is but that doesn't
seem to work in this case. the QNTC still seems to check the logged
in user, not the program owner.

I know I can submit a job under a user id that has access and it
works, but I would like to try to use adopted authority if I can.

Thanks!


Ad

unread,
Jul 8, 2008, 12:47:49 PM7/8/08
to
spol...@hotmail.com wrote in news:07b705ef-b6c4-4980-bc70-
cf5138...@f36g2000hsa.googlegroups.com:

api QSYGETPH

for an example:
http://www.itjungle.com/mpo/mpo071703-story02.html

--
Ad,

What's The Use Of Getting Sober
(When You're Gonna Get Drunk Again)

Tim M

unread,
Jul 9, 2008, 12:43:59 AM7/9/08
to
In an insanely stupid design decision, IBM has designed it such that all
integrated file system commands and api's ignore adopted authority.
You are screwed. You are going to have use the inherently risky user
profile swapping API's

<spol...@hotmail.com> wrote in message
news:07b705ef-b6c4-4980...@f36g2000hsa.googlegroups.com...

Margaret Fenlon

unread,
Jul 10, 2008, 1:26:39 PM7/10/08
to
In your case adoption won't help even if the integrated file system
supported it. Checking of permissions happens on the server side for the
user connecting to the server. So in your case, the integrated windows
server is checking permissions for the connected user. QNTC is just
reporting what the server returned. The only way to be able to access the
objects is for the current user profile of the job be the correct user that
has the permissions on the server.

--
Margaret Fenlon
Integrated File System and Servers - IBM i
mfe...@us.eye-bee-m.com (spam trick)
(opinions stated are not necessarily those of my employer)


<spol...@hotmail.com> wrote in message
news:07b705ef-b6c4-4980...@f36g2000hsa.googlegroups.com...

Margaret Fenlon

unread,
Jul 10, 2008, 1:47:10 PM7/10/08
to
As a follow-up to my previous statement.
In order to access the share through QNTC on the server, the client must
authenticate to the server. It only does that for the current user profile
for the job, since QNTC must send user information (in your case userid and
encrypted password) to the server. Program adoption is never considered for
that.

So again, even if the integrated file system did support program adoption,
it would not help you to authenticate to the server.

--
Margaret Fenlon
Integrated File System and Servers - IBM i
mfe...@us.eye-bee-m.com (spam trick)
(opinions stated are not necessarily those of my employer)


"Margaret Fenlon" <mfe...@us.ibm.com> wrote in message
news:4876464c$1@kcnews01...

0 new messages