UDS/SQL V2.9 (en)

&pagelevel(4)&pagelevel

Before the openUTM administrator generates a UDS/SQL-openUTM application, the UDS/SQL database administrator must define the UDS/SQL user group and its privileges. This is done using the ADD-USER-GROUP statement of the BPRIVACY utility routine.

Example

Three user groups are to be granted access to the SHIPPING database.
"User group 1" may perform openUTM administration duties.
"User group 2" is granted read and write access to the database.
"User group 3" is granted read access to the database.

The openUTM administrator generates the UDS/SQL-openUTM application "UTMAWVER" on the host "UTMHOST1" and makes the following specifications for the user groups:

User group 1

"UTMUSER1" with the password "PASSW001" may call the transaction codes that define the administration commands (prerequisite: the administration program KDCADM must be generated with KDCDEF). The KSET “KSETADM” is assigned to this user.
No database access takes place in this transaction code.

TAC KDCAPPL,ADMIN=YES,PROGRAM=KDCADM,LOCK=1
. . .
       Additional transaction codes for administration
. . .
TAC KDCUSER,ADMIN=YES,PROGRAM=KDCADM,LOCK=1
USER UTMUSER1,PASS=(C'PASSW001',DARK),KSET=KSETADM,PERMIT=ADMIN,STATUS=ON
KSET KSETADM,KEYS=1

User group 2

"UTMUSER2" and "UTMUSER3" with the passwords "PASSW002" and "PASSW003" may call the transaction codes "UPDATE", "ADD" and "SEARCH". The KSET “KSETUPD” is assigned to these users.

TAC UPDATE,ADMIN=NO,LOCK=2,PROGRAM=MODIFY
TAC ADD,ADMIN=NO,LOCK=3,PROGRAM=ADD-NEW
TAC SEARCH,ADMIN=NO,LOCK=4,PROGRAM=QUERY
USER UTMUSER2,PASS=(C'PASSW002',DARK),KSET=KSETUPD,STATUS=ON
USER UTMUSER3,PASS=(C'PASSW003',DARK),KSET=KSETUPD,STATUS=ON
KSET KSETUPD,KEYS={2,3,4}

User group 3

"UTMUSER4", "UTMUSER5" and "UTMUSER6" with the passwords "PASSW004", "PASSW005" and "PASSW006" may call the transaction code "SEARCH".
The KSET “KSETRTR” is assigned to these users.

TAC SEARCH,ADMIN=NO,LOCK=4,PROGRAM=QUERY
USER UTMUSER4,PASS=(C'PASSW004',DARK),KSET=KSETRTR,STATUS=ON
USER UTMUSER5,PASS=(C'PASSW005',DARK),KSET=KSETRTR,STATUS=ON
USER UTMUSER6,PASS=(C'PASSW006',DARK),KSET=KSETRTR,STATUS=ON
KSET KSETRTR,KEYS=4

When the above users issue database calls, the following UDS/SQL user group names result:

UTMHOST1UTMAWVERKSETUPD_
UTMHOST1UTMAWVERKSETRTR_

To enable the requests to be executed, the UDS/SQL database administrator must have defined these UDS/SQL user groups and their privileges beforehand, as shown in the following example:

/ADD-FILE-LINK LINK-NAME=DATABASE,FILE-NAME=SHIPPING.DBDIR/SELECT-PRODUCT-VERSION PRODUCT-NAME=UDS-SQL, VERSION=02.9B00
/START-UDS-BPRIVACY
...

***** START BPRIVACY (UDS/SQL V2.9  1801 )     2019-01-29   09:26:52
% UDS0215 UDS STARTING UDS/SQL V2.9(LINKED-IN), DATE=2019-01-29 (ILL2038,09:26:52/4TE7) 
% UDS0746 UDS PUBSET DECLARATION (CURRENT) FOLLOWS (ILL1746,09:26:52/4TE7) 
4TE7: UDS-PUBSET-JV: :IUDS:$XXXXXXXX.PUBSDECL.ALL
4TE7: PUBSETS: *
4TE7: DEFAULT PUBSET: IUDS
4TE7: ------------------------------------------
% UDS0722 UDS ORDER ADD RLOG 150628094054 IN EXECUTION (ILL1283,09:26:52/4TE7) 
% UDS0356 UDS EXECUTION OF ORDERS FOR SHIPPING TERMINATED (ILL1309,09:26:52/4TE7)

//ADD-USER-GROUP USER-GROUP-NAME=*KSET-FORMAT(HOST=UTMHOST1,APPLICATION=UTMAWVER,KSET=KSETADM),
  OBJECT=(*REALM(NAME=*ALL,RIGHT=ALL),*RECORD(NAME=*ALL,RIGHT=ALL),*SET(NAME=*ALL,RIGHT=ALL))
//ADD-USER-GROUP USER-GROUP-NAME=*KSET-FORMAT(HOST=UTMHOST1,APPLICATION=UTMAWVER,KSET=KSETUPD),
  OBJECT=(*REALM(NAME=*ALL,RIGHT=ALL),*RECORD(NAME=*ALL,RIGHT=ALL),*SET(NAME=*ALL,RIGHT=ALL))
//ADD-USER-GROUP USER-GROUP-NAME=*KSET-FORMAT(HOST=UTMHOST1,APPLICATION=UTMAWVER,KSET=KSETRTR),
  OBJECT=*REALM(NAME=*ALL,RIGHT=RETRIEVAL),*RECORD(NAME=*ALL,RIGHT=RETRIEVAL),*SET(NAME=*ALL,RIGHT=RETRIEVAL))
//END

% UDS0758 NUMBER OF DML-STATEMENTS AND I/O COUNTERS PER DATABASE (ILL1758,09:27:25/4TE7) 
4TE7: DATABASE NAME DMLS LOG READ PHYS READ LOG WRITE PHYS WRITE
4TE7: ------------------------------------------------------------------------
4TE7: SHIPPING                   13       112          59        42          20
% UDS0213 UDS NORMAL SYSTEM TERMINATION WITH **************13 DML-STATEMENTS 2019-01-29
(ILLY033,09:27:25/4TE7)
***** DIAGNOSTIC SUMMARY OF BPRIVACY

               NO WARNINGS
               NO ERRORS
               NO SYSTEM-ERRORS

***** END OF DIAGNOSTIC SUMMARY
***** NORMAL END BPRIVACY (UDS/SQL V2.9  1801 )     2019-01-29   09:27:25

For further information, see the load parameter PP PRIVACY-CHECK in chapter "DBH load parameters" and the manual "Creation and Restructuring”, BPRIVACY.

Your Browser is not longer supported

Please use Google Chrome, Mozilla Firefox or Microsoft Edge to view the page correctly

Defining UDS/SQL user groups and granting access privileges