friedkiwi/ibm-information-center
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
14ed2849c6
ibm-information-center/dist/eclipse/plugins/i5OS.ic.apis_5.4.0.1/qsysetpt.htm

262 lines
8.0 KiB
HTML
Raw Blame History

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Copyright" content="Copyright (c) 2006 by IBM Corporation">
<title>Set To Profile Token (QSYSETPT, QsySetToPrfTkn) API</title>
<!-- Begin Header Records ========================================== -->
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<!-- QSYSETPT SCR450 A converted by B2H R4.1 (346) (CMS) by V2DCIJB -->
<!-- at RCHVMW2 on 2 Oct 1999 at 10:25:04 -->
<!-- Change History: -->
<!-- YYMMDD USERID Change description -->
<!-- Edited by Kersten Jan 02 -->
<!--End Header Records -->
<link rel="stylesheet" type="text/css" href="../rzahg/ic.css">
</head>
<body>
<a name="Top_Of_Page"></a>
<!-- Java sync-link -->
<script language="Javascript" src="../rzahg/synch.js" type="text/javascript">
</script>
<h2>Set To Profile Token (QSYSETPT, QsySetToPrfTkn) API</h2>
<p><img src="delta.gif" alt="Start of change"></p>
<div class="box" style="width: 60%;">
<br>
&nbsp;&nbsp;Required Parameter Group for QSYSETPT:<br>
<!-- iddvc RMBR -->
<br>
<table width="100%">
<tr>
<td align="center" valign="top" width="10%">1</td>
<td align="left" valign="top" width="50%">Profile token</td>
<td align="left" valign="top" width="20%">Input</td>
<td align="left" valign="top" width="20%">Char(32)</td>
</tr>
<tr>
<td align="center" valign="top">2</td>
<td align="left" valign="top">Error code</td>
<td align="left" valign="top">I/O</td>
<td align="left" valign="top">Char(*)</td>
</tr>
</table>
<br>
&nbsp;&nbsp;Default Public Authority: *USE<br>
<!-- iddvc RMBR -->
<br>
&nbsp;&nbsp;Threadsafe: Yes<br>
<!-- iddvc RMBR -->
<br>
</div>
<br>
<div class="box" style="width: 60%;">
<br>
&nbsp;&nbsp;Syntax for QsySetToPrfTkn:<br>
<pre>
#include &lt;qsyptkn.h&gt;
void QsySetToPrfTkn
(unsigned char *<em>Profile_token</em>,
void *<em>Error_code</em>);
</pre>
&nbsp;&nbsp;Service Program: QSYPTKN<br>
<!-- iddvc RMBR -->
<br>
&nbsp;&nbsp;Default Public Authority: *USE<br>
<!-- iddvc RMBR -->
<br>
&nbsp;&nbsp;Threadsafe: Yes<br>
<!-- iddvc RMBR -->
<br>
</div>
<p><img src="deltaend.gif" alt="End of change"></p>
<p>The Set To Profile Token (OPM, QSYSETPT; ILE, QsySetToPrfTkn) API validates
the profile token and changes the current thread to run under the user and
group profiles represented by the profile token.</p>
<p>The qualified job name does not change to reflect the new user profile. Any
object, however, created by the thread while running under the new profile is
owned by the new profile or its group profile. If the job is running single
threaded and the job user identity has not been explicitly set by an API, the
job user identity is changed to the name of the new profile. If the job is
running multithreaded, the job user identity does not change.</p>
<p>If the profile token is not valid, this API signals the message CPF2274 and
puts an AF-W audit entry in the QAUDJRN audit journal.</p>
<p>If you use this API to begin running under a specific profile, any spooled
files created are, by default, owned by that profile. This is controlled by the
spool file owner (SPLFOWN) parameter on the CRTPRTF command and is done by
putting the spooled file under a QPRTJOB job. Any spooled file command that
references the spooled file with the job special value * will access only those
files that were created before the profiles were swapped.</p>
<br>
<h3>QPRTJOB</h3>
<p>A QPRTJOB job is the name of a job under which files are spooled when the
current job's user name is not the same as the user profile running currently.
For example, if you use this API to set the profile to user JOE and create a
spooled file, the file is spooled under job nnnnnn/JOE/QPRTJOB. This ensures
that user JOE owns the spooled file and if that user uses the WRKSPLF command,
the file is displayed.</p>
<br>
<h3>Output Queue Considerations</h3>
<p>The output queue that a spooled file is placed in may be different after
using this API. If the application using this API produces spooled output that
needs to be on a secure output queue or the application is expecting the
spooled output to be found on a particular output queue,
configuration changes may be required.
See the <a href="../rzahg/rzahgprint.htm">Printing</a> topic for
information about which output queue contains the
spooled output.</p>
<br>
<h3>Authorities and Locks</h3>
<dl>
<dt><em>API Public Authority</em></dt>
<dd>*USE</dd>
</dl>
<br>
<h3>Required Parameter Group</h3>
<dl>
<dt><strong>Profile token</strong></dt>
<dd>INPUT; CHAR(32)
<p>The profile token returned by the Generate Profile Token (QSYGENPT,
QsyGenPrfTkn)API or Generate Profile Token From Profile Token (QSYGENFT,
QsyGenPrfTknFromPrfTkn) API that represents the user profile to which to
switch.</p>
<br>
</dd>
<dt><strong>Error code</strong></dt>
<dd>I/O; CHAR(*)
<p>The structure in which to return error information. For the format of the
structure, see <a href="../apiref/error.htm#hdrerrcod">Error Code Parameter</a>.</p>
</dd>
</dl>
<br>
<h3>Error Messages</h3>
<table width="100%" cellpadding="5">
<!-- cols="15 85" -->
<tr>
<th align="left" valign="top">Message ID</th>
<th align="left" valign="top">Error Message Text</th>
</tr>
<tr>
<td align="left" valign="top">CPF18A8 E</td>
<td align="left" valign="top">Error occured during set profile to profile token.</td>
</tr>
<tr>
<td align="left" valign="top">CPF2225 E</td>
<td align="left" valign="top">Not able to allocate internal system object.</td>
</tr>
<tr>
<td align="left" valign="top">CPF2274 E</td>
<td align="left" valign="top">Profile token is not valid.</td>
</tr>
<tr>
<td align="left" valign="top">CPF3CF1 E</td>
<td align="left" valign="top">Error code parameter not valid.</td>
</tr>
<tr>
<td align="left" valign="top">CPF3C36 E</td>
<td align="left" valign="top">Number of parameters, &amp;1, entered for this API was not
valid.</td>
</tr>
<tr>
<td align="left" valign="top">CPF3C90 E</td>
<td align="left" valign="top">Literal value cannot be changed.</td>
</tr>
<tr>
<td align="left" valign="top">CPF9872 E</td>
<td align="left" valign="top">Program or service program &amp;1 in library &amp;2 ended.
Reason code &amp;3.</td>
</tr>
</table>
<br>
<h3>Usage Notes</h3>
<h4>Considerations for Scope and Thread Safety</h4>
<p>This API sets the user profile for the thread in which it is called. Thus,
if the API is called while running multithreaded, it will result in different
threads in the same process simultaneously running under different user
profiles.</p>
<p>While this API itself is threadsafe, it should only be used in a job that is
running multithreaded when all code running in the job is known to be trusted
and operating in a coordinated manner. Some considerations when running
multiple threads under different user profiles are:</p>
<ul>
<li>The design of threads is for every thread in the job to share the same
resources. With threads, programs share the same static and heap storage, and
by passing pointers, they can get at each other's automatic storage. They also
share open files and other resources, such as the same QTEMP library and the
profile tokens used by this API.</li>
<li>Assume two users are allowed to run their own commands or programs in
different threads of a single job. One of the users may be able to read or
write data of the other user. This access may occur without the system doing an
authority check or even auditing the fact that they read or modified the
data.</li>
</ul>
<br>
<hr>
API introduced: V4R5
<hr>
<table align="center" cellpadding="2" cellspacing="2">
<tr align="center">
<td valign="middle" align="center"><a href="#Top_Of_Page">Top</a> | <a href=
"sec.htm">Security APIs</a> | <a href="aplist.htm">APIs by category</a></td>
</tr>
</table>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink