UDS/SQL checks access rights only by means of the user group names.
The user group name must be defined with ONLINE-PRIVACY or BPRIVACY and the access rights must have been assigned before the users in the group can execute database calls.
If the DBH cannot identify the user group, the application program is supplied with a status code or the IQS session is terminated.
The table below indicates how user group names are structured, which configuration is checked with which group name and how to define the user groups in the ADD-USER-GROUP statement. The terms "local" and "remote" are meant in relation to the location of the database.
Configuration | Value: host | Value: appl | Value: grp | Definition in the ADD-USER-GROUP statement |
openUTM | host | appl | - | *KSET- |
openUTM | host | appl | kset | *KSET- |
TIAM | host | ' _' | id | *FREE-FORMAT(HOST=host,USER-ID=id) |
linked-in | host | ' _' | id | *FREE-FORMAT(HOST=host,USER-ID=id) |
Table 18: Structure of user group names
Key
host | Name of the host computer on which the UDS/SQL-openUTM application or the UDS/SQL application program runs. |
appl | Name of the openUTM application |
kset | KSET name associated with the corresponding openUTM user ID |
id | BS2000 user ID |
In application programs (COBOL DML, CALL DML, SQL) and for IQS, "old" PRIVACY user specifications (< UDS/SQL V1.2) are still made in some instances or may be required (IQS):
"Old" specifications in the so-called PRIVACY RECORD (< UDS/SQL Version 1.2) in application programs (COBOL DML, CALL DML, SQL) or for IQS are ignored by UDS/SQL.
The PRIVACY specifications for IQS of any version <= 3.1 must not be empty, but are otherwise arbitrary.
Access rights are checked by means of the user group name, which comprises the name of the host computer and the runtime identification of the TIAM application or the name of the openUTM application (with or without the KSET specification).
The KSET name may be omitted if no KSET name was defined in the corresponding openUTM application. If no openUTM users are defined, a defined KSET name of a logical terminal (LTERM) is used for checking access rights. openUTM uses predefined KSET names, which you can display with KDCINF KSET. Access rights for the database must also be defined for these predefined KSET names.
In distributed transaction processing with openUTM-D, the KSET name from the associated LPAP entry must be used (see the openUTM manual "Generating Applications").
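The following Python sketch is an added example, not UDS/SQL or openUTM code. It models the (host, appl, grp) structure of Table 18 and the KSET rules above so that a list of defined user groups can be compared with the callers expected to reach the database. The tuples stand in for ADD-USER-GROUP definitions; the `Caller` fields and all host, application, KSET and user ID values are assumptions constructed for illustration.

```python
from typing import NamedTuple, Optional

class Caller(NamedTuple):
    config: str                       # "openUTM", "openUTM-D", "TIAM" or "linked-in"
    host: str                         # host the application runs on
    appl: Optional[str] = None        # openUTM application name
    utm_users_defined: bool = True    # does the openUTM application define users?
    user_kset: Optional[str] = None   # KSET of the openUTM user ID
    lterm_kset: Optional[str] = None  # KSET of the LTERM
    lpap_kset: Optional[str] = None   # KSET of the LPAP entry (openUTM-D)
    user_id: Optional[str] = None     # BS2000 user ID (TIAM, linked-in)

def group_key(c: Caller) -> tuple:
    """Derive the (host, appl, grp) triple of Table 18 for one caller."""
    if c.config in ("TIAM", "linked-in"):
        return (c.host, None, c.user_id)   # *FREE-FORMAT rows
    if c.config == "openUTM-D":
        kset = c.lpap_kset                 # KSET from the LPAP entry
    elif c.utm_users_defined:
        kset = c.user_kset                 # None: no KSET defined, name omits it
    else:
        kset = c.lterm_kset                # no openUTM users: KSET of the LTERM
    return (c.host, c.appl, kset)

def audit(defined_groups, callers):
    """Return (callers with no matching group, groups no caller maps to)."""
    defined = set(defined_groups)
    keys = [group_key(c) for c in callers]
    unidentified = [c for c, k in zip(callers, keys) if k not in defined]
    unused = sorted(defined - set(keys), key=repr)
    return unidentified, unused

# Constructed sample data: every name below is made up for this example.
DEFINED = [
    ("HOSTA", "ORDERS", None),       # openUTM application without KSET
    ("HOSTA", "ORDERS", "KSADMIN"),  # openUTM application with KSET
    ("HOSTA", None, "DBUSER1"),      # TIAM / linked-in user ID
    ("HOSTB", "LEGACY", "KSOLD"),    # no caller below maps to this group
]
CALLERS = [
    Caller("openUTM", "HOSTA", appl="ORDERS"),
    Caller("openUTM", "HOSTA", appl="ORDERS", user_kset="KSADMIN"),
    Caller("openUTM", "HOSTA", appl="ORDERS", utm_users_defined=False,
           lterm_kset="KSTERM"),
    Caller("openUTM-D", "HOSTC", appl="REMOTE", lpap_kset="KSLPAP"),
    Caller("TIAM", "HOSTA", user_id="DBUSER1"),
]
UNIDENTIFIED, UNUSED = audit(DEFINED, CALLERS)
```

Callers in `UNIDENTIFIED` are the ones for which the DBH would not find a user group; entries in `UNUSED` are defined groups worth reviewing because no known caller maps to them.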