Does anyone have a solution for the following: in DataStage v6.0 running on Unix. We have 2 (unix) groups, one group would have full access, the other group would only be allowed read access in DataStage.
We're not using releasing of jobs (this would make it possible to differentiate between operator and developer in DataStage), but we've had some bad experiences with it. Does anyone actually use releasing of jobs?
I have been thinking of giving the 2 groups developer access. but on a UNIX level keep all of the project files/directories on the first group while giving read access to world, so that the read-only group can login and read via Director but can't do anything else useful.
Or does anyone have other ideas on how to solve such a situation?
Regards,
Ogmios
Using different groups
Moderators: chulett, rschirm, roy
Ogmios
If you think that someone who runs a job only needs read access then you are wrong. DataStage Administrator has the ability to make a user so they can only run jobs as operators. It does work. You can set permissions so that it is read only for a group and assign users to that group. They will be able to view jobs but not run them. If one of these read only users looks at a job in Designer then that job is locked by DataStage because it does not need write permission to lock a job. These users typically do not understand the importance of locked jobs. If you have 3 projects like DEV, TEST and PROD then let them have access to TEST. The least amount of problems will be caused by giving them access to TEST. Developers should not have access to PROD only the DataStage admin user.
Thanks Kim.
Kim Duke
DwNav - ETL Navigator
www.Duke-Consulting.com
If you think that someone who runs a job only needs read access then you are wrong. DataStage Administrator has the ability to make a user so they can only run jobs as operators. It does work. You can set permissions so that it is read only for a group and assign users to that group. They will be able to view jobs but not run them. If one of these read only users looks at a job in Designer then that job is locked by DataStage because it does not need write permission to lock a job. These users typically do not understand the importance of locked jobs. If you have 3 projects like DEV, TEST and PROD then let them have access to TEST. The least amount of problems will be caused by giving them access to TEST. Developers should not have access to PROD only the DataStage admin user.
Thanks Kim.
Kim Duke
DwNav - ETL Navigator
www.Duke-Consulting.com
I know the distinction between operator and developer in DataStage, but if I put a user (actually the group the user is in) to operator he can only see released jobs.
And since we're not releasing jobs the operator rights are pretty useless. Hence the id of giving both developer rights, but putting all of the project files under the first group id, while giving only read access to the other group id.
Ogmios
And since we're not releasing jobs the operator rights are pretty useless. Hence the id of giving both developer rights, but putting all of the project files under the first group id, while giving only read access to the other group id.
Ogmios
-
- Participant
- Posts: 54607
- Joined: Wed Oct 23, 2002 10:52 pm
- Location: Sydney, Australia
- Contact:
ogmios
I was talking about UNIX control. You will need to change the umask to 002. I would do this in .dsenv. You need to stop and start DataStage to do this. It would be a lot of work but you need to write to all the RT files. Lets say a developer is in group dsdev and operators in dsrun. I would change &PH& to a type 19 file. At TCL:
RESIZE &PH& 19
umask 002 in .dsenv
cd projectdir
chmod -R 4777 *RT*
chmod -R 4777 &PH&
I would NOT recommend this but this should work. Everytime you add a new job or maybe even recompile a job then you need to chmod again. Good luck.
Thanks Kim.
Kim Duke
DwNav - ETL Navigator
www.Duke-Consulting.com
I was talking about UNIX control. You will need to change the umask to 002. I would do this in .dsenv. You need to stop and start DataStage to do this. It would be a lot of work but you need to write to all the RT files. Lets say a developer is in group dsdev and operators in dsrun. I would change &PH& to a type 19 file. At TCL:
RESIZE &PH& 19
umask 002 in .dsenv
cd projectdir
chmod -R 4777 *RT*
chmod -R 4777 &PH&
I would NOT recommend this but this should work. Everytime you add a new job or maybe even recompile a job then you need to chmod again. Good luck.
Thanks Kim.
Kim Duke
DwNav - ETL Navigator
www.Duke-Consulting.com