Tip

Limit users to specific devices


If you have users that you want to limit to certain devices only, such as generic profiles, or profiles for temporary personnel, the AS/400 does not provide a method to do this.

To overcome this, create a CL program that passes the user ID and workstation ID to an RPG program. The RPG program will chain out to a file that is owned by QSECOFR with Public Excluded. This file will contain user IDs and workstations, and is keyed by those same two fields, in that order. The RPG program will pass back to the CL program whether or not it found a match.

If it did, the CL program calls the normal startup program; if not, it informs the user that they are not authorized to the workstation and signs the user off.

Code:

    PGM
            DCL        VAR(&WSID) TYPE(*CHAR) LEN(10) /* WORKSTATION */
            DCL        VAR(&USER) TYPE(*CHAR) LEN(10) /* USER */
            DCL        VAR(&AUTH) TYPE(*CHAR) LEN(1) /* AUTHORIZED? */

            /* FOR AN INTERACTIVE JOB, THE JOB NAME IS THE WORKSTATION ID */
            RTVJOBA    JOB(&WSID) USER(&USER)
            CALL       PGM(MYLIB/CHECKER) PARM(&USER &WSID &AUTH)
            IF         COND(&AUTH *EQ 'Y') THEN(DO)
            CALL       PGM(MYLIB/NORMALSTRT)
            GOTO       CMDLBL(END_OF_PGM)
            ENDDO
            /* ANY VALUE OTHER THAN 'Y' IS TREATED AS NOT AUTHORIZED */
            SNDBRKMSG  MSG('YOU ARE NOT AUTHORIZED TO SIGN ON TO +
                         THIS WORK STATION') TOMSGQ(&WSID)
            SIGNOFF    LOG(*LIST)
END_OF_PGM: ENDPGM
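The check only holds if ordinary users cannot read or change the lookup file, CHECKER can still read it on their behalf, and the restricted profile cannot bypass the sign-on program. The setup commands below are an added example, not part of the original tip; the file name USRDEV, the CL program name SIGNONCHK and the user profile TEMPUSER are assumed names.

```cl
/* ADDED EXAMPLE - USRDEV, SIGNONCHK AND TEMPUSER ARE ASSUMED NAMES     */

/* LOOKUP FILE: OWNED BY QSECOFR, NO PUBLIC ACCESS                      */
CHGOBJOWN  OBJ(MYLIB/USRDEV) OBJTYPE(*FILE) NEWOWN(QSECOFR)
GRTOBJAUT  OBJ(MYLIB/USRDEV) OBJTYPE(*FILE) USER(*PUBLIC) +
             AUT(*EXCLUDE)

/* CHECKER ADOPTS ITS OWNER'S AUTHORITY SO IT CAN READ THE FILE EVEN    */
/* THOUGH THE CALLING USER IS EXCLUDED. KEEP IT LIMITED TO THE LOOKUP.  */
CHGOBJOWN  OBJ(MYLIB/CHECKER) OBJTYPE(*PGM) NEWOWN(QSECOFR)
CHGPGM     PGM(MYLIB/CHECKER) USRPRF(*OWNER)
GRTOBJAUT  OBJ(MYLIB/CHECKER) OBJTYPE(*PGM) USER(*PUBLIC) AUT(*USE)

/* RESTRICTED PROFILE: THE CL ABOVE IS THE INITIAL PROGRAM, THE USER    */
/* CANNOT OVERRIDE IT AT SIGN-ON (LMTCPB), AND THE JOB SIGNS OFF WHEN   */
/* THE INITIAL PROGRAM ENDS (INLMNU)                                    */
CHGUSRPRF  USRPRF(TEMPUSER) INLPGM(MYLIB/SIGNONCHK) +
             INLMNU(*SIGNOFF) LMTCPB(*YES)
```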

USER FEEDBACK TO THIS TIP

The tip already listed sends a break message to the workstation, and then executes a SIGNOFF. This means the user will never see the message; he or she is not allowed to that workstation. It is better to send the message to the user and add the workstation-name in the message:


    RTVJOBA    USER(&USER) JOB(&JOB)
    SNDMSG     MSG('User' *BCAT &USER *BCAT 'not allowed on workstation' +
                 *BCAT &JOB) TOUSR(&USER)

...

An alternative is to use object authorities; a device is known to the AS/400 as an object of type *DEVD. You can give a user *EXCLUDE to a specific *DEVD, or give *PUBLIC *EXCLUDE and the user who has to work on that workstation *USE.

-- Wim van den Heuvel


This was first published in March 2001
