August 03, 2007, 12:45 PM
mgrackinChecking Directory Permissions in EDASPROF.PRF
Let me see if I can explain what I would like to do in as few words as possible.
I have the WF Server setup so that it will authenticate users against the SYSOP (Windows Domain). I have an application which only a certain set of users are allowed to access. I am using an HTML page with the WF_SIGNON action to process the logon credentials. The problem I am having is when a user enters valid credentials based on the Windows Domain but is NOT in the group that has permissions to a specific directory containing the application files. After a valid logon, the WF Server attempts to run a focexec. I need to check to see if the user has access to the directory before attempting to run a focexec from that directory. If the user is validated but does not have access to the directory with the focexec, WF returns your standard focexec not found message. I want to check privileges before attempting the execution so that I can pass back a nice message saying they do not have access to the application.
Is there any technique to verify that a user has access to a directory before attempting to run a focexec located in that directory?
I am controlling the permissions using the Windows Directory security controls.
Please let me know if this isn't quite clear.
August 03, 2007, 01:11 PM
Tom FlynnHey Mickey,
Just a thought/info/idea on what I've done.
Created multiple DOMAINS, one DOMAIN is for a certain set of users.
Then, on the server, under Configuration files are user profiles.
For the certain set of users, I add a profile for those ID's with PRPENDPATH PRIVATE DOMAIN
In EDASPROF for everyone is APP PATH ALL DOMAINS EXCEPT THE PRIVATE ONE
You may be able do all this in MRE administration, now...???
August 03, 2007, 01:29 PM
mgrackinTom,
Thanks for the suggestions. However, I am already doing this. After the logon is validated, the Application Profile FOCEXEC (executed via the _site_profile) which I created PREPENDS the necessary APP Directory to the APP PATH. The problem is that users whith valid credentials based on the SYSOP may not necessarily have access rights to the APP Directory at the OS level and therefore the FOCEXEC CANNOT BE FOUND when WF tries to execute it.
August 03, 2007, 01:47 PM
Francis MarianiMickey, here's an idea:
Since you cannot check for the FOC227 error, how about doing a FILEDEF to a file in the APP folder and then doing a READ. You can then test &IORETURN to verify if the user has access.
Just a thought.
Francis
Give me code, or give me retirement. In FOCUS since 1991
Production: WF 7.7.05M, Dev Studio, BID, MRE, WebSphere, DB2 / Test: WF 8.1.05M, App Studio, BI Portal, Report Caster, jQuery, HighCharts, Apache Tomcat, MS SQL Server
August 03, 2007, 02:25 PM
mgrackinFrancis,
I was looking for a way to do something like this. I will give it a shot.
August 03, 2007, 03:52 PM
mgrackinAPP FI ...
-READ ...
Worked.
August 03, 2007, 04:06 PM
Francis MarianiGood stuff!
Francis
Give me code, or give me retirement. In FOCUS since 1991
Production: WF 7.7.05M, Dev Studio, BID, MRE, WebSphere, DB2 / Test: WF 8.1.05M, App Studio, BI Portal, Report Caster, jQuery, HighCharts, Apache Tomcat, MS SQL Server