In many cases, such as the assignment of print outq's, it will be necessary for the
iSeries 400 to know what Strategi user someone is signed in as. The user identification
information can be passed to the iSeries 400 startup job whenever a Strategi user
signs on to the iSeries 400. This is done using a specifically modified signon screen,
which includes fields to accept Strategi-related input, and few Strategi configuration
entries. The process is:
- When the user logs in through Strategi, Strategi will place the user type, number,
and Strategi library (which, in this document, we will assume to be STRATEGI) name in
these signon screen fields.
- The iSeries 400 signon CL (set for the iSeries 400 user profile) or job initiation program
(set in the subsystem description for the subsystem supplying the signon screens) calls
a BusinessLink command to retrieve the user information.
- The RTVSGISSNI command creates a data area in QTEMP containing the information,
which is then available for the rest of the job.
Setup Details
- Modify the signon screen to add the user information field. The information field
may be placed anywhere on the screen, and must be 28 bytes long, hidden, protected and
flagged as MDT-set. This field must be hidden, so the users never see it. The field
must be flagged with a MDT (modified data tag), so the field is treated as "changed",
and the data found therein always returned to the iSeries 400. Refer to STRATEGI/SGIEXAMPLE(QDSIGNON)
for a standard signon screen modified example. Be sure to verify that the field is not
at the same row and column settings as any other elements on the signon screen. If your
screen is using the IBM defaults for the Menu label, this will collide with the ABLUSRINF
row and column setting as provided in QDSIGNON.
- Assign the modified signon screen to the subsystem which supplies the virtual
devices used for Strategi signon, using the command "CHGSBSD", keyword "SGNDSPF".
This subsystem will need to be restarted to make the new signon screen active. If you
use this opportunity to redesign the signon screen, the new signon screen will be
unrecognizable to Strategi until the configuration is updated.
- Configure the user information field location in the Strategi configuration, at
Keyword "STRATEGIUSER", in group "VRT", then restart Strategi. Reconnect with Strategi
after restarting, ensuring the signon screen definition is functioning correctly.
- Optionally, you may create a new user profile, SGIDFTOWN, with password *NONE and
status *DISABLED. This user profile's sole purpose is to protect the data area created
in QTEMP in the step below, so later programs or users cannot modify it, thus impersonating
another registered user. It is not used for any jobs, interactive or batch. This protection
is achieved by changing the owner of the *DTAARA to SGIDFTOWN, and revoking the user's
authority to the object to prevent the contents of the DTAARA being modified or the DTAARA
being removed after the user has signed on. This means, then, that the DTAARA area can be
continually accessed to identify the user by applications throughout the job and the information
it contains trusted, from a security point of view. If used in the signon program, this
command may fail if certain messages, such as "User *OUTQ is invalid," are sent by the
system.
- Modify either the user(s) signon program or the subsystem job initiation program to
call RTVSGISSNI. If security is required, the signon job must be placed at the top of the
library list, and the RTVSGISSNI command called specifically from the STRATEGI library
and not from the library list. Refer to STRATEGI/SGIEXAMPLE(SYSSIGNON) & (SYSSIGNON2) [V1R9+] or (SYSSGNON & SYSSGNON2) [V1R8 & earlier] for
a working example of this, using the user's signon program. If a signon program is used,
it is preferable to assign all users the same signon program, and have this branch to
a separate user specific job, if such a job has been set up.
** End of Technical Support Bulletin **
|
