DataStage 7.5 - Restrict access to particular user
Moderators: chulett, rschirm, roy
-
- Participant
- Posts: 14
- Joined: Tue Sep 08, 2009 12:45 pm
DataStage 7.5 - Restrict access to particular user
Hi,
We need to restrict particular user (Read only access) to a project. So, do we need to assign "DataStage Operator" role to the Group to which that user belongs to? Is that sufficient?
Or, do we need to set some specific permission at OS level?
Please advise.
Thanks.
We need to restrict particular user (Read only access) to a project. So, do we need to assign "DataStage Operator" role to the Group to which that user belongs to? Is that sufficient?
Or, do we need to set some specific permission at OS level?
Please advise.
Thanks.
-
- Participant
- Posts: 14
- Joined: Tue Sep 08, 2009 12:45 pm
Craig,
We have one common DataStage project to which we need to restrict access to few users.
Those users should only have Read only access to all the jobs in that particular project.
They should not be allowed to modify/create jobs in that project.
Please let me know if we make the group to which those users belong as "DataStage Operator", will that be fine?
Thanks.
We have one common DataStage project to which we need to restrict access to few users.
Those users should only have Read only access to all the jobs in that particular project.
They should not be allowed to modify/create jobs in that project.
Please let me know if we make the group to which those users belong as "DataStage Operator", will that be fine?
Thanks.
-
- Participant
- Posts: 14
- Joined: Tue Sep 08, 2009 12:45 pm
I'm pretty sure that would be ok and all that you'd need to do but not anywhere I could verify. Check your docs as the Operator role went through changes over time, so you'd need to verify what exactly it enforces in your version. Should be easy enough to test it, I would imagine.
-craig
"You can never have too many knives" -- Logan Nine Fingers
"You can never have too many knives" -- Logan Nine Fingers
-
- Participant
- Posts: 14
- Joined: Tue Sep 08, 2009 12:45 pm
Thanks Craig.
I tested it by creating a group "testgrp" and added a user id "test" to it.
In DS Administrator, I assigned "DataStage Operator" role to that "testgrp".
When I am trying to login, the following error message is appearing.
"Record D80FBFBF-2CD3-4DC3-B823-FF6D0AAB73E2-SYSTEM3:700570 on file 29 cannot be written"
Is this something with permission at OS level?
I tested it by creating a group "testgrp" and added a user id "test" to it.
In DS Administrator, I assigned "DataStage Operator" role to that "testgrp".
When I am trying to login, the following error message is appearing.
"Record D80FBFBF-2CD3-4DC3-B823-FF6D0AAB73E2-SYSTEM3:700570 on file 29 cannot be written"
Is this something with permission at OS level?
Probably... does the group the new user belongs to have enough permissions into the project? Specifically for system objects like the DS_AUDIT hashed file? I'm not sure exactly what might get written to upon logon, I'm sure others here will, however.
I'm guessing you may still not be able to logon even with a different role assigned to that user.
I'm guessing you may still not be able to logon even with a different role assigned to that user.
-craig
"You can never have too many knives" -- Logan Nine Fingers
"You can never have too many knives" -- Logan Nine Fingers
Hi
I don't think Operator role will help you. DataStage Operators only can see jobs that had been released (option Release job). Whe you release a job, it is added subfix numbers to job's name (something like MyJob.15.1.0), this requests that you change the sequence job name that could be calling the job to get the last version (MyJob.15.1.1).
In your case, I suggest you restrict permission from OS level, even when the users will get errors when they attempt to do an invalid option.
Regards,
Cecilia
I don't think Operator role will help you. DataStage Operators only can see jobs that had been released (option Release job). Whe you release a job, it is added subfix numbers to job's name (something like MyJob.15.1.0), this requests that you change the sequence job name that could be calling the job to get the last version (MyJob.15.1.1).
In your case, I suggest you restrict permission from OS level, even when the users will get errors when they attempt to do an invalid option.
Regards,
Cecilia
-
- Participant
- Posts: 14
- Joined: Tue Sep 08, 2009 12:45 pm
Not to derail the thread but this is a common misconception and not at all true. You can still refer to the 'base' or regular (unreleased) name of the job and it will automagically run the highest version it can find in the Project.cecilia wrote:When you release a job, it is added subfix numbers to job's name (something like MyJob.15.1.0), this requests that you change the sequence job name that could be calling the job to get the last version (MyJob.15.1.1).
-craig
"You can never have too many knives" -- Logan Nine Fingers
"You can never have too many knives" -- Logan Nine Fingers
-
- Participant
- Posts: 54607
- Joined: Wed Oct 23, 2002 10:52 pm
- Location: Sydney, Australia
- Contact:
You're doing well so far. All users need write permission to the DS_LICENSE hashed file in the DSEngine directory. This is the "file 29" that the error message was complaining about.
IBM Software Services Group
Any contribution to this forum is my own opinion and does not necessarily reflect any position that IBM may hold.
Any contribution to this forum is my own opinion and does not necessarily reflect any position that IBM may hold.
-
- Participant
- Posts: 14
- Joined: Tue Sep 08, 2009 12:45 pm
-
- Participant
- Posts: 54607
- Joined: Wed Oct 23, 2002 10:52 pm
- Location: Sydney, Australia
- Contact:
Does the dstage group have Developer role in the project? If so, adding this user to that group would defeat your objective. You need to add this user or group to the DataStage roles using Adminstrator client. You may also need to ensure that all users have read access (and "x" to directories) throughout the project directory.
IBM Software Services Group
Any contribution to this forum is my own opinion and does not necessarily reflect any position that IBM may hold.
Any contribution to this forum is my own opinion and does not necessarily reflect any position that IBM may hold.