gerd_renz3
VIP Member
Hi List,
I found another interesting feature with 8.9 security I want to share with you.
Lets say I have PROFILE1 and PROFILE2 associated with my user ID. PROFILE2 gives permission to run PROGRAM_X. PROFILE1 can access PY9 and PD9, PROFILE2 can access only PD9. There is no conflict in security between the two profiles.
Now, when I log into PD9 with user_ID GERD and profile *ALL I should get the combined security settings for PROFILE 1 and 2. However PROFILE2 is ignored (I will not have permission on PROGRAM_X), when my Default Env in the [DB SYSTEM SETTINGS] stanza is set to PY9.
It works as expected when the Default Env is set to PD9 and I log into PD9.
Can anybody explain this? In the first case I found in the debug_log this line:
SELECT * FROM SY9/F00950 WHERE ( FSUSER = 'PROFILE1' OR FSUSER = 'GERD' OR FSUSER = '*PUBLIC' ) ORDER BY ...
It is ignoring PROFILE2 when the Default Env is set to PY9. When it is set to PD9 I get this:
SELECT * FROM SY9/F00950 WHERE ( FSUSER = 'PROFILE1' OR FSUSER = 'PROFILE2' OR FSUSER = 'GERD' OR FSUSER = '*PUBLIC' ) ORDER BY ...
as I would have expected already in the first place.
In other words: for a profile to work it must be accessible for the default env in jde.ini !
I do have PD and PY installed on my WS.
Very, very strange! What is the meaning of the default env in the WS´s jde.ini anyway?
Sorry about the long post.
Thanks, Gerd
I found another interesting feature with 8.9 security I want to share with you.
Lets say I have PROFILE1 and PROFILE2 associated with my user ID. PROFILE2 gives permission to run PROGRAM_X. PROFILE1 can access PY9 and PD9, PROFILE2 can access only PD9. There is no conflict in security between the two profiles.
Now, when I log into PD9 with user_ID GERD and profile *ALL I should get the combined security settings for PROFILE 1 and 2. However PROFILE2 is ignored (I will not have permission on PROGRAM_X), when my Default Env in the [DB SYSTEM SETTINGS] stanza is set to PY9.
It works as expected when the Default Env is set to PD9 and I log into PD9.
Can anybody explain this? In the first case I found in the debug_log this line:
SELECT * FROM SY9/F00950 WHERE ( FSUSER = 'PROFILE1' OR FSUSER = 'GERD' OR FSUSER = '*PUBLIC' ) ORDER BY ...
It is ignoring PROFILE2 when the Default Env is set to PY9. When it is set to PD9 I get this:
SELECT * FROM SY9/F00950 WHERE ( FSUSER = 'PROFILE1' OR FSUSER = 'PROFILE2' OR FSUSER = 'GERD' OR FSUSER = '*PUBLIC' ) ORDER BY ...
as I would have expected already in the first place.
In other words: for a profile to work it must be accessible for the default env in jde.ini !
I do have PD and PY installed on my WS.
Very, very strange! What is the meaning of the default env in the WS´s jde.ini anyway?
Sorry about the long post.
Thanks, Gerd