DSXchange

hi,
we've set up Datastage on a unix-box with the user PDdtsadm as datastage-admin (stands for production datastage admin). We've created a group in which we've also added a user PDdtsuser. Logging in to unix this user seems to have access to all datastage folders.
When we connect trough director or designer with this user, we get the message access denied. The security trough datastage administrator is set completely open (every group available on the server is set as designer).
Any ideas?

Hi,
Usually when the dsadm user works and others fail to login it means that that user has not the access to some relevant locations, such as temp directory or other places.
I do belive docs say other users must belong to the dstage group of dsadm user as their primary group.
this group is the same group your dsadm user belongs to.

IHTH,

after the previous message we saw some other problems also, so we started with a fresh install.
What happens now is that I'm able to log into director using the nonadmin user. But after opening the project trough administrator with the admin user, we again get access denie for the non-admin user.
Which files are updated trough the administrator when doing this?

I think your problems might be related to the umask settings; see the installation readme which is now quite comprehensive when it comes to setup permissions & user groups. If you do a cd to the project directory and check your access to the VOC file there do you have RW access to it? What are the permissions on that object?

umask may or maynot be set in the ds.rc script depending on the Unix platform. Run <DSHOME>/bin/uv -admin -info to find the script location, and check the umask setting at the top of the script.

NB: If you change this script you must stop and restart DataStage

umask is set to 002 as said in the documentation. We've read all we could find in the DS-docs, without success.
all unix-related security is correct.

After some tests we found that the PDdtsuser can logon to a new project, as long as we didn't open the project with the PDdtsadm user trough datastage administrator. When you do this this creates 3 files in the project folder: .developer.adm ,.operator.adm and .prodmgr.adm with all unix-groups in the .developer file (as long as you don't change security, this actually moves the groups betwwen the files ).
When we delete these files the PDdtsuser can again connect.

We' ve also tried to define the user localy, because it is now done trough NIS, but that also didn't work.

Odd, I have no problem openning DS administrator under dsadm, open a project's properties window and still connect to the same project with another user via DS designer.

did you perform none root install?

if your working with NIS read the relevant info in the install guide.