Read only access to Project
Moderators: chulett, rschirm, roy
-
- Participant
- Posts: 3593
- Joined: Thu Jan 23, 2003 5:25 pm
- Location: Australia, Melbourne
- Contact:
I'm not sure how you prevent someone from running jobs. You might be able to supply access through the Information Server Reporting console and maybe Metadata Workbench. If you can navigate the difficult reporting interface you can set up some reports showing error, warning and log messages across jobs plus you can save HTML job reports that show a picture of the job and the properties of each stage in the job. These get saved into the reporting area. If find it all tricky to use and navigate but you might be able to make something of it.
Certus Solutions
Blog: Tooling Around in the InfoSphere
Twitter: @vmcburney
LinkedIn:Vincent McBurney LinkedIn
Blog: Tooling Around in the InfoSphere
Twitter: @vmcburney
LinkedIn:Vincent McBurney LinkedIn
-
- Premium Member
- Posts: 278
- Joined: Wed Oct 03, 2007 8:45 am
-
- Premium Member
- Posts: 37
- Joined: Wed Mar 23, 2005 5:20 am
I doubt whether we can restrict any user just to view the director logs and not allowing them to run any job.
Operator user only can reset and run the jobs, but cannot make job changes or compile the objects through the designer.
I dont know if there is a rule or group that is less complicated to that was explained above available in 8.1
Operator user only can reset and run the jobs, but cannot make job changes or compile the objects through the designer.
I dont know if there is a rule or group that is less complicated to that was explained above available in 8.1
The problems with doing it at the UNIX level is that DataStage does not know it is restricted at the UNIX level so it tries to update a job when it is not possible at the UNIX level. This leaves records locked like the next job number. So project becomes frozen to the real developers. So as long as a restriced user never tries to create a job then you are fine.
Similar things happen when you try to run jobs and your user cannot write to the RT_* files. These processes become blocked at the UNIX level. Some admin has to delete these blocked or frozen processes.
It keeps users from doing things that you do not want them to do but it does not work smoothly. Version 8 created more roles to try to resolve this issue. If you work within the limits of the tool then it runs smoothly. You can trick it into doing something it was not designed to do but there is always a price to pay.
Someone owes me a twist of lemon.
Similar things happen when you try to run jobs and your user cannot write to the RT_* files. These processes become blocked at the UNIX level. Some admin has to delete these blocked or frozen processes.
It keeps users from doing things that you do not want them to do but it does not work smoothly. Version 8 created more roles to try to resolve this issue. If you work within the limits of the tool then it runs smoothly. You can trick it into doing something it was not designed to do but there is always a price to pay.
Someone owes me a twist of lemon.
Mamu Kim
-
- Premium Member
- Posts: 278
- Joined: Wed Oct 03, 2007 8:45 am
I just did a test and when the UID was in the role of DS/QS operator and had read only unix rights on either the &PH& folder or the DS_JOB folder and I was not able to execute the job from the client or director. When I added the execute priviledge to the folder it was able to execute the job.
These were the folder under the project. In all cases I was able to abort the job regardless of the rights at the unix level. However, with read only rights to the folder I was not able to reset the job.
My environment may be setup different than yours so I can't guarantee it will work for you but try it if you have a test environment.
P.S. There may be some good reasons you would not want to do that but if a UID is setup for non executable person, just ensure they are not in anything but the "other" group priviledge with read only access.
These were the folder under the project. In all cases I was able to abort the job regardless of the rights at the unix level. However, with read only rights to the folder I was not able to reset the job.
My environment may be setup different than yours so I can't guarantee it will work for you but try it if you have a test environment.
P.S. There may be some good reasons you would not want to do that but if a UID is setup for non executable person, just ensure they are not in anything but the "other" group priviledge with read only access.