Hello List.
When I Start a NATRPC that execute Subroutines with VSAM Files updates, the user with update privileges must be the User that submit the NATRPC Job.
Is there a way that the NATRPC takes the privileges from the user that make the request from the web?
Can I avoid this problem if I set the security in EXX (Security=yes)?
One thing to look at is if the SYSSAF API for Natural (NA2NRES) would allow you to check if the user has update access to the VSAM files. You would use Natural Security with LOGONRQ=ON to ensure that the RPC call was authenticated. Pass *USER to NA2NRES to check their access to the dataset profile. (No promises…just my thoughts!)
Douglas Kelly,
Principal Consultant
Software AG, Inc
Sacramento, California
Hi, Douglas.
Thanks for your help.
I already have LOGONRQ=YES and I can check the update access to the vsam files via NA2NRES(this could be a workaroud), but the real problem is for example: If the user who start the NATRPC Job don’t have access to the vsam files, then no user will have access (because the RPC takes the privileges from the user who submit the JOB) If I check with NA2NRES I will see that the user have access but he can’t see the data. The same happen with DB2.
Is this the way EXX work? You need to have a SUPERUSER to start the NATRPC?.
Yes, this is the way EntireX Communicator works. The server application (Natural RPC in this case) needs to have access to the data (Adabas, DB2, VSAM, Oracle, etc) required by the service(s) the server is offering.
Unlike a “data access” mechanism, EntireX is giving access to a “service” - business rules and data - not just data.
Douglas Kelly,
Principal Consultant
Software AG, Inc
Sacramento, California