Re: WFL usercodes



On Tue, 30 Aug 2011 06:18:49 -0700 (PDT), dgathman@xxxxxx wrote:
> How can I determine the usercode the job is running
> under, USER1?

Dave,

The job is not running under USER1. It's running under USER2. The
display is correct.

It would help if you'd come back and tell us what you are trying to
do. In the meantime, "running under" a usercode means these things:

1) When the job (or subtasks) open files, by default they open files
under the usercode's directory.

2) The job and subtasks inherit the permissions of the usercode, most
importantly in terms of file and database access.

3) The log entries for the job indicate the usercode. This is most
significant when doing cost accounting.

4) Messages generated by the job and subtasks may be routed to
terminals logged on with the same usercode (but are not always).

Ref #4: if the job were running under USER1, it would display "USER1"
.... but assuming you are logged on to USER2, you would not see the
message, since messages for USER1 are not shown to USER2. That's a
clear indication that it is actually running under USER2.

As others have pointed out, START (USER1)WFL/blahblah only accesses
the file under USER1 as the source for the job. To do this, USER2 must
have permission to read the file, which by default it does not. So
either USER1 has set the permissions on the file to PUBLIC (or any of
various more complex options), or USER2 is a privileged user. The
latter is a Very Bad Idea except when it's absolutely required (it's
equivalent to being root).

There are at least four built-in ways to actually run that job under
USER1:

1) Be logged in as USER1 when you start it. (It appears that this is
what you are trying to avoid.)

2) WFL START (USER1)WFL/blahblah;USER=USER1/pw

3) WFL USER USER1/pw;START WFL/blahblah

4) Hard-code the usercode and password in the WFL being started.

5) Use special tasking privileges.

Note that #2 and #3 are distinct in the way they operate, despite the
surface similarity. #2, #3, and #4 have the obvious disadvantage of
needing the password stored in plaintext.

So giving advice really requires knowing what you are trying to do. If
this is a case of jobs in one usercode depending on jobs in another
usercode, you need to consider whether the application really should
be running under a single usercode. If you are writing a utility
program, for example a job scheduler, there are ways of giving it the
needed permissions to do this without storing the passwords -- but
doing that safely requires a lot more knowledge about MCP systems than
you have.

Edward
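
An added example, not part of the original post: a Python check that could be run over WFL source or command text exported to plain files, flagging the plaintext usercode/password forms from #2, #3 and #4 above and redacting the password in its own report. The regex is a heuristic for the forms shown in the post only, not a WFL parser; the function names and the fourth sample line are assumptions.

```python
import re

# Heuristic for the two credential-bearing shapes shown in the post:
#   USER=USER1/pw   (attribute form, #2 and assumed for #4)
#   USER USER1/pw   (USER statement, #3)
# Assumption: usercode and password are runs of letters and digits.
CRED = re.compile(r"\bUSER(?:\s*=\s*|\s+)([A-Z0-9]+)/([A-Z0-9]+)", re.I)


def redact(line):
    """Replace each matched password with **** so the report leaks nothing."""
    def mask(m):
        # The password is the tail of the match; keep everything before it.
        return m.group(0)[: m.start(2) - m.start(0)] + "****"
    return CRED.sub(mask, line)


def scan(text):
    """Return (line number, usercodes, redacted line) for each offending line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        usercodes = [m.group(1).upper() for m in CRED.finditer(line)]
        if usercodes:
            findings.append((lineno, usercodes, redact(line).strip()))
    return findings


# Constructed sample. Lines 1-3 use the command forms quoted in the post;
# line 4 is a constructed stand-in for a usercode hard-coded in a job (#4).
SAMPLE = """\
START (USER1)WFL/blahblah
WFL START (USER1)WFL/blahblah;USER=USER1/pw
WFL USER USER1/pw;START WFL/blahblah
  USER = USER1/pw;
"""

if __name__ == "__main__":
    for lineno, usercodes, shown in scan(SAMPLE):
        print(f"line {lineno}: plaintext password for {usercodes}: {shown}")
```

Line 1 of the sample is not flagged: (USER1)WFL/blahblah only names the file's usercode and carries no password.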