Configuration help and ideas

Woth · Post by **Woth** » Mon Feb 21, 2005 10:10 am

I'm currently in the process of installing DataStage(PX) on an AIX server. This perticular box will be used for traning and development projects.

I need to properly "secure" the training projects and development projects. I think I can do this using a mix of UNIX groups and Datastage groups.

Is this futile, doable? Anyone experimented this? Where can I find proper information on datastage groups. (the pdfs are hardly helpful).

Thanks for the push

ray.wurlod · Post by **ray.wurlod** » Mon Feb 21, 2005 2:53 pm

There's no such thing as "DataStage groups" - I suspect you're referring to DataStage roles. You attach DataStage roles to operating system groups in the Administrator client.

Definitely do-able.

Create one operating system group for each project, and another (say dstage) for all DataStage users. Make dstage the primary group for dsadm. Make all DataStage users' umask 002. Make each DataStage user's primary group the group associated with that user's main project.
Add users to groups according to which projects they need to work in.

nkreddy · Post by **nkreddy** » Tue Feb 22, 2005 9:20 am

Ray,

Would you please tell me why we need umask 002 in the .profile. Our profile has umask 00. Do you recommend us to change that?

Thanks,
NK

Sainath.Srinivasan · Post by **Sainath.Srinivasan** » Tue Feb 22, 2005 9:24 am

Umask is the mechanism to set permission on any files created during the process. Umask 000 gives more permission than umask 002 and hence must be ok.

ray.wurlod · Post by **ray.wurlod** » Tue Feb 22, 2005 3:32 pm

umask 00 allows everyone who has access to the machine to read and write. Everyone. If that's what you want, then OK.

umask 002 means that only members of the group (as well as the original creator/owner) have write permission; to others the objects are read-only.