Changing authority to access /qntc files

110 pts.
Tags:
AS/400
authority issue
iseries v5r4
QNTC File System
RPG ILE
RPG Program
USRPRF
Hello. I have written an rpg/iv program that allows users to maintain certain network pc files from a green screen. it uses the /qntc file system to access those pc files. the problem I ran across is: unless the i5 userid and password is identical to the network userid and password, the program is unable to see the files. I tried compiling as usrprf(*owner) with a profile whose userid and password are the same on both i5 and network, but that didn't seem to have any effect. I'm looking for api/api's to change the authority the program runs under to a userid/password that has access to those network pc files, and am extremely confused. i see "set job user identity" api's, "set profile handle" api's, "set user profile" api's, "profile token" api's...... and can't tell by their descriptions what i should use. I'd greatly appreciate a nudge in the right direction. thanks!! rick metzger DTR Industries, Inc.

Software/Hardware used:
i5os v5r4, rpgile

Answer Wiki

Thanks. We'll let you know when a new response is added.

i tried compiling as usrprf(*owner) with a profile whose userid and password are the same on both i5 and network, but that didn’t seem to have any effect.

The IFS access methods do not honor adopted authority. The file systems have no concept of ‘adopted authority’.

i see “set job user identity” api’s, “set profile handle” api’s, “set user profile” api’s, “profile token” api’s…… and can’t tell by their descriptions what i should use.

If the program can’t run under users who have matching profiles/passwords, the simplest route is to go with the Set Profile Handle (QWTSETP, QsySetToProfileHandle) API and the related APIs. The API will change the job’s ‘current user’ until you set it back to the original user.

If you need basic examples, I can supply them. The ‘profile handle’ APIs are pretty simple, but there might be a couple confusions.

Tom

Discuss This Question: 4  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Whatis23
    So you have verified with a valid user profile that you can see the network/server via QNTC using wrklnk 'qntc/yourserver' from a command line?
    5,665 pointsBadges:
    report
  • RickMe
    Tom, the "get/set/release profile handle" api's worked perfectly. thank you for clearing that up for me! whatis23, i didn't notice your post until just now. in answer to your question, yes i did verify that a user with proper rights and same i5 and network userid and password could see the files in qntc. as you can see from my note to tom, the api's he recommended worked just like he said they would. having said that, thanks for the idea anyway. sorry i didn't notice it sooner. rick
    110 pointsBadges:
    report
  • TomLiotta
    Rick: As long as you maintain a profile that can be (temporarily) switched to and then released back to the original user, and it's a matching profile/password for /QNTC, then it should be fairly easy to create a SwitchTo module and a SwitchBack module. Put those into a *SRVPGM compiled as USRPRF(*OWNER) and have it owned by a profile with enough authority to allow the switches in both directions. The owning profile can't supply adopted authority for the /QNTC work, but it can supply authority from the profile-handle APIs. In cases where your /QNTC profile might not have authority to switch back to the original job user, the *OWNER profile should make it possible. The *SRVPGM can then be used in many ways. It might switch to different profiles for different purposes. Tom
    125,585 pointsBadges:
    report
  • Not4brett
    I had the same issue. Adopted authority or compiling to the owner does not do it. I resolved it by using the "User" keyword to indicate what user profile to use on the submit job command (sbmjob). The user profile and password must be the same on the microsoft active directory. You must have rights to use the profile. Works great.
    35 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following