Focal Point
Checking Directory Permissions in EDASPROF.PRF

This topic can be found at:
https://forums.informationbuilders.com/eve/forums/a/tpc/f/7971057331/m/6881080042

August 03, 2007, 12:45 PM
mgrackin
Checking Directory Permissions in EDASPROF.PRF
Let me see if I can explain what I would like to do in as few words as possible.

I have the WF Server setup so that it will authenticate users against the SYSOP (Windows Domain). I have an application which only a certain set of users are allowed to access. I am using an HTML page with the WF_SIGNON action to process the logon credentials. The problem I am having is when a user enters valid credentials based on the Windows Domain but is NOT in the group that has permissions to a specific directory containing the application files. After a valid logon, the WF Server attempts to run a focexec. I need to check to see if the user has access to the directory before attempting to run a focexec from that directory. If the user is validated but does not have access to the directory with the focexec, WF returns your standard focexec not found message. I want to check privileges before attempting the execution so that I can pass back a nice message saying they do not have access to the application.

Is there any technique to verify that a user has access to a directory before attempting to run a focexec located in that directory?

I am controlling the permissions using the Windows Directory security controls.

Please let me know if this isn't quite clear. Confused


Thanks!

Mickey

FOCUS/WebFOCUS 1990 - 2011
August 03, 2007, 01:11 PM
Tom Flynn
Hey Mickey,

Just a thought/info/idea on what I've done.

Created multiple DOMAINS, one DOMAIN is for a certain set of users.

Then, on the server, under Configuration files are user profiles.

For the certain set of users, I add a profile for those ID's with PRPENDPATH PRIVATE DOMAIN

In EDASPROF for everyone is APP PATH ALL DOMAINS EXCEPT THE PRIVATE ONE

You may be able do all this in MRE administration, now...???


Tom Flynn
WebFOCUS 8.1.05 - PROD/QA
DB2 - AS400 - Mainframe
August 03, 2007, 01:29 PM
mgrackin
Tom,

Thanks for the suggestions. However, I am already doing this. After the logon is validated, the Application Profile FOCEXEC (executed via the _site_profile) which I created PREPENDS the necessary APP Directory to the APP PATH. The problem is that users whith valid credentials based on the SYSOP may not necessarily have access rights to the APP Directory at the OS level and therefore the FOCEXEC CANNOT BE FOUND when WF tries to execute it.


Thanks!

Mickey

FOCUS/WebFOCUS 1990 - 2011
August 03, 2007, 01:47 PM
Francis Mariani
Mickey, here's an idea:

Since you cannot check for the FOC227 error, how about doing a FILEDEF to a file in the APP folder and then doing a READ. You can then test &IORETURN to verify if the user has access.

Just a thought.


Francis


Give me code, or give me retirement. In FOCUS since 1991

Production: WF 7.7.05M, Dev Studio, BID, MRE, WebSphere, DB2 / Test: WF 8.1.05M, App Studio, BI Portal, Report Caster, jQuery, HighCharts, Apache Tomcat, MS SQL Server
August 03, 2007, 02:25 PM
mgrackin
Francis,

I was looking for a way to do something like this. I will give it a shot.


Thanks!

Mickey

FOCUS/WebFOCUS 1990 - 2011
August 03, 2007, 03:52 PM
mgrackin
APP FI ...

-READ ...

Worked.


Thanks!

Mickey

FOCUS/WebFOCUS 1990 - 2011
August 03, 2007, 04:06 PM
Francis Mariani
Good stuff!


Francis


Give me code, or give me retirement. In FOCUS since 1991

Production: WF 7.7.05M, Dev Studio, BID, MRE, WebSphere, DB2 / Test: WF 8.1.05M, App Studio, BI Portal, Report Caster, jQuery, HighCharts, Apache Tomcat, MS SQL Server