In many cases, such as the assignment of print outq's, it will be necessary for the
iSeries 400 to know what Strategi user someone is signed in as. The user identification
information can be passed to the iSeries 400 startup job whenever a Strategi user
signs on to the iSeries 400. In pre-V2R1M1 releases, this is done using a specifically modified signon screen,
which includes fields to accept Strategi-related input, and few Strategi configuration
entries. With a V2R1M1 or higher release, a modified signon screen is no longer
required. Both methods are described below.
Instructions for Using Non-Modified Signon Screen To Assign Outqueues
The process is:
- When a user logs in through Strategi, Strategi ESM (Emulation Services Manager)
will attempt to retrieve the User Type, User Number and Strategi library via an HSM request
(Note: Should that HSM request fail, it will default the previous behavior where a modified
signon screen is required)
- The iSeries 400 signon CL (set for the iSeries 400 user profile) or job initiation program
(set in the subsystem description for the subsystem supplying the signon screens) calls
a Strategi command to retrieve the user information.
Requirements:
- The emulation sessions must be served by ESM.
(Note: This is the default behavior when you install or upgrade to V2 or higher releases.)
- The workstation device name cannot have a QPADEV prefix.
(Detail: The device can be anything other than QPADEV*. The device can either be assigned
explicitly to the users via the Required Device Name parameter or generically to all users
via the Strategi Value TERMINALNAME)
Setup Details
- Compile the example signon programs provided in STRATEGI/SGIEXAMPLE, called SYSSIGNON,
SYSSIGNON2, SYSSIGNON3 and SYSSIGNON4. The compiled programs should be placed in library
QUSRSYS.
- Modify either the user(s) signon program or the subsystem job initiation program to
call RTVSGISSNI. If security is required, the signon job must be placed at the top of the
library list, and the RTVSGISSNI command called specifically from the STRATEGI library
and not from the library list. Refer to STRATEGI/SGIEXAMPLE(SYSSIGNON) and (SYSSIGNON2) for
a working example of this, using the user's signon program. If a signon program is used,
it is preferable to assign all users the same signon program, and have this branch to
a separate user specific job, if such a job has been set up.
Instructions for Using a Modified Signon Screen To Assign Outqueues
The process is:
- When the user logs in through Strategi, Strategi will place the user type, number,
and Strategi library (which, in this document, we will assume to be STRATEGI) name in
these signon screen fields.
- The iSeries 400 signon CL (set for the iSeries 400 user profile) or job initiation program
(set in the subsystem description for the subsystem supplying the signon screens) calls
a Strategi command to retrieve the user information.
- The RTVSGISSNI command creates a data area in QTEMP containing the information,
which is then available for the rest of the job.
Setup Details
- Modify the signon screen to add the user information field. The information field
may be placed anywhere on the screen, and must be 28 bytes long, hidden, protected and
flagged as MDT-set. This field must be hidden, so the users never see it. The field
must be flagged with a MDT (modified data tag), so the field is treated as "changed",
and the data found therein always returned to the iSeries 400. Refer to STRATEGI/SGIEXAMPLE(QDSIGNON)
for a standard signon screen modified example.
- Assign the modified signon screen to the subsystem which supplies the virtual
devices used for Strategi signon, using the command "CHGSBSD", keyword "SGNDSPF".
This subsystem will need to be restarted to make the new signon screen active. If you
use this opportunity to redesign the signon screen, the new signon screen will be
unrecognizable to Strategi until the configuration is updated.
- Configure the user information field location in the Strategi configuration, at
Keyword "STRATEGIUSER", in group "VRT", then restart Strategi. Reconnect with Strategi
after restarting, ensuring the signon screen definition is functioning correctly.
- Optionally, you may create a new user profile, SGIDFTOWN, with password *NONE and
status *DISABLED. This user profile's sole purpose is to protect the data area created
in QTEMP in the step below, so later programs or users cannot modify it, thus impersonating
another registered user. It is not used for any jobs, interactive or batch. This protection
is achieved by changing the owner of the *DTAARA to SGIDFTOWN, and revoking the user's
authority to the object to prevent the contents of the DTAARA being modified or the DTAARA
being removed after the user has signed on. This means, then, that the DTAARA area can be
continually accessed to identify the user by applications throughout the job and the information
it contains trusted, from a security point of view. If used in the signon program, this
command may fail if certain messages, such as "User *OUTQ is invalid," are sent by the
system.
- Modify either the user(s) signon program or the subsystem job initiation program to
call RTVSGISSNI. If security is required, the signon job must be placed at the top of the
library list, and the RTVSGISSNI command called specifically from the STRATEGI library
and not from the library list. Refer to STRATEGI/SGIEXAMPLE(SYSSIGNON) and (SYSSIGNON2) for
a working example of this, using the user's signon program. If a signon program is used,
it is preferable to assign all users the same signon program, and have this branch to
a separate user specific job, if such a job has been set up.
** End of Technical Support Bulletin **
|