Re: [U2] UV.ACCESS Record Structure
Perry, I am to publish an article in IBM Knowledge Base on this topic. Here are the details that might help you : The format of an UV.ACCESS record is : AMC Column Label S/M Comment 0 @ID FunctionSingle a String recognized by the UniVerse administration tool concerned (1) 1 Users Users Multivalued System login authorized for the corresponding Function with the privileges listed in field Privileges 2 Privileges Privileges Multivalued value = READ or WRITE : a unique pair of character strings mentionning the SQL rights granted for the corresponding administrative Function for the administrators listed in the Users field (1) This string is hard coded in the product tools for these processes, which are setup by default in the UV.ACCESS file The good point you ask about is regarding the number of multivalues in the 2nd field of the record. Per my understanding, the actual logic of the internal function querying the special permissions appears someway curious in that it does not give an option to setup access rights per user, but only for all the users listed in field #1. In your example, if you want to add to a specific user (I'll name it UVTLRADM) the ability to Activate-Deactivate files for logging, the following would be sufficient : CT UV.ACCESS LOG_ACT LOG_ACT 0001 uvadm}root}NT AUTHORITY\system}UVTLRADM 0002 READ}WRITE But, it you want to revoke the NT AUTHORITY\system user this right, you would have : CT UV.ACCESS LOG_ACT LOG_ACT 0001 uvadm}root}UVTLRADM 0002 READ}WRITE Hope this will help. Hervi BALESTRIERI Support Technique Avanci - Produits U2 --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/
Re: [U2] UV.ACCESS Record Structure
Important precision : The UV.ACCESS file is used only in case of accessing UniVerse SQL tables. This is NOT a security backdoor to access files not declared as SQL tables !... Hervi BALESTRIERI Support Technique Avanci - Produits U2 --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/
[U2] UV.ACCESS Record Structure
I need to add a user to the LOG_ACT record in UV.ACCESS to allow that user to programmatically active/deactivate logging for files. I cannot find any documentation on the record structure. It appears that attribute one is a multi-valued list of user ids and attribute two a multi-valued list of privileges. What is confusing is it appears that the privileges are not correlative to the users. In other words, apparently, there is no way to assign privileges per user. Is this correct? For example here is what my LOG_ACT record looks like... CT UV.ACCESS LOG_ACT LOG_ACT 0001 uvadm}root}NT AUTHORITY\system 0002 READ}WRITE Note that there are three users but only two privileges. I find that I can add a user to attribute one and accomplish what I need but I'd like to know more about UV.ACCESS so I don't break something. Thanks. Perry Taylor Zirmed, Inc. (502) 473-7709 ext 4392 mailto:[EMAIL PROTECTED] UniVerse 10.1.21, RHEL V3, Serial No: 12358315 Pick Flavor CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. ZirMed, Inc. has strict policies regarding the content of e-mail communications, specifically Protected Health Information, any communications containing such material will be returned to the originating party with such advisement noted. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/