| Title: | *OLD* ALL-IN-1 (tm) Support Conference |
| Notice: | Closed - See Note 4331.l to move to IOSG::ALL-IN-1 |
| Moderator: | IOSG::PYE |
| Created: | Thu Jan 30 1992 |
| Last Modified: | Tue Jan 23 1996 |
| Last Successful Update: | Fri Jun 06 1997 |
| Number of topics: | 4343 |
| Total number of notes: | 18308 |
G'day All,
I have come across a stange problem with the ALL-IN-1 System Manager
sub-system. Namely the MUA functionality and granting a user the
Application priv. "M", application manager.
In the form named SM$PROFILE there is a "misfeature" that is causing a
problem. When you enter "M" the logic in the named data is incorrect
when validating if I as a user have the right to grant the application
manager priv. to another user. Please see below I obtained this
information from debug.
XOP "~~CHECK_PRVAPP~~"
DEBUG[13]: OA$SCP_DISPATCH .IF SM$_VAL_PRVAPP <=> PRVAPP THEN
OA$VAL_SET_VALID\GET OA$STATUS = 1 ELSE GET OA$STATUS = 0
SM$_VAL_PRVAPP --> contains N,P,A and PRVAPP contains M
Further into the execution the following Named Data is coded
DEBUG[13]: OA$SCP_DISPATCH .IF PROFIL.PRVAPP[USER] NES SM$_AM_APPMAN
THEN GET OA$DISPLAY = OA$_IFR ELSE OA$VAL_SET_VALID
This is incorrect because "PROFIL.PRVAPP[USER]" should read
"PROFIL.PRVAPP[OA$USER]". So even if you do have the "M" priv. you can
not grant another user the "M" priv.
To get around the problem enter OA$VAL_SET_VALID at the Enter Command:
prompt, the "M" is than accepted.
You than get the following problem when the nominated user tries to
access CM. A message is displayed "Your Profile is being edited.
Please see you ALL-IN-1 Manager". Turning on debug gives the following
information
The CM_INIT_ENVIRONMENT.SCP script is invoked and prevents the user
accessing CM.
DEBUG[10]: .IF PROFIL.CREATE$FAIL[OA$USER] NE 3 THEN .GOTO CHECK_INIT_DONE
The value of "PROFIL.CREATE$FAIL[OA$USER]" is 3 it should be 0.
If I enter the following <WRITE CHANGE PROFIL USER = #CUR_ACCOUNT,
CREATE$FAIL = "0" at the MUA menu with the account selected. I get the
following problem when trying to access CM ABE
%OA-I-LASTLINE, You cannot access base elements
I am returned to the CM menu after the message has been flashed at
200km :-).
If I look in SYSUAF I have the correct identifier OA$MANAPP and
attributes of RESOURCE.
That's the first part of the problem. Now to the next part of the
problem :-(. The customer upgraded to 3.0 and has said that the
ALL-IN-1 Managers account does not have the APP flag set to "M" nor can
he find any other accounts having the APP flag set to "M". How can I
get around this problem ? Any suggestions would be gratefully
accepted. If you need me to SPR the problem please let me know.
Thanks for your help in advance
Sunil
| T.R | Title | User | Personal Name | Date | Lines |
|---|---|---|---|---|---|
| 1343.1 | AM MAP | IOSG::BILSBOROUGH | Just testing. Please ignore!!! | Wed Sep 02 1992 11:50 | 9 |
The reason you cannot access base elements is because you have not
granted this new application manager access to any areas. You'll need
to go to AM MAP and add them to SHARE or/and <lang> to be able to
access the base elements.
Ta,
Mike
| |||||
| 1343.2 | Please don't hack, use menu options! | CESARE::EIJS | All in 1 Piece | Wed Sep 02 1992 12:44 | 62 |
Hi Sunil,
Fortunately no "misfeature", everything was carefully planned to work
this way.
When creating/editing a profile, the only values which can be used in
the PRVAPP field are 'N', 'P' and 'A'. While editing, a post-processing
procedure (CM_SM_SWITCH_PRVAPP.SCP) will update the account for the
necessary identifiers.
The value of 'M' cannot be used. The reason is that we needed to
perform a lot of processing to make sure the ALL-IN-1 account was a
valid account to act as an application manager. While creating/editing
the account there wasn't enough info to decide this, so all code was
taken from the /VALID to the 2 new options on the SM$MUA form: NAM
(Nominate as application manager) and RAM (Remove application manager
privilege). These 2 options should be used to make an account an CM
Manager. Try it and you'll probably see the reason why.
You did some impressive hacking, but really, it's not necessary.
> The customer upgraded to 3.0 and has said that the
> ALL-IN-1 Managers account does not have the APP flag set to "M" nor
> can he find any other accounts having the APP flag set to "M".
During the upgrade information the PRVAPP field is converted to 'P' for
all V2.* programmers, and 'M' for the ALL-IN-1 account 'MANAGER'. If
the ALL-IN-1 Manager account is called different (like A1MGR) which has
been seen before, then no ALL-IN-1 account has application manager
access.
To come around this problem (AND THIS METHOD IS ONLY VALID BECAUSE WE
DEAL WITH AN GENUINE ALL-IN-1 MANAGER ACCOUNT!!! (is this disclaimer
enough ;-)?) perform:
<WRITE CHANGE PROFIL USER="<whatever name it has>", PRVAPP="M"
In any other case (2nd, 3rd,... application managers), use the option
NAM!!
In case 'MANAGER' wasn't 'MANAGER' also the CM$AUTH$USERS data set is
not complete as during the upgrade installation the initial Maintainer
for all application areas would be 'MANAGER'.
Correct this by (using the application manager account):
- Interactive calling CM$AUTH$USERS and modify the Manager entry for
Maintainer to 'Y'
- or something like:
FOR CM$AUTH$USERS WITH .USER == "<name of manager>" DO -
GET #KEY = .%KEY \\-
WRITE CHANGE CM$AUTH$USERS %KEY = #KEY, MANAGER = CM$_Y
HTH,
Simon
Ciao,
Simon
| |||||
| 1343.3 | The customer hacked the system - didn't use NAM | GIDDAY::SETHI | Man from Downunder | Fri Sep 04 1992 04:29 | 17 |
G'day,
I found both of the replies help and I have solved my problem. The
customer had been hacking around the system !!!!
I had to do a <write change profil user="name", create$fail = "0", this
flag was get to "3". Everything is working now.
I just want to add that we had Stuart Maurice visting us and I learnt
alot from him. The debug facility is a great improvement need I say
another pat on the back for the IOSG. Those of you who have hang up's
using debug, I can say once you have used it you won't want to use trace
if you can help it.
Thanks for your explainations
Sunil
| |||||
| 1343.4 | The reason for CREATE$FAIL | CESARE::EIJS | All in 1 Piece | Fri Sep 04 1992 13:10 | 12 |
Sunil,
The CREATE$FAIL field in PROFIL is used by the ALL-IN-1 Manager for the
status of an account. They use 0, 1 or 2. CM uses the field with value
3 to indicate that an account is being edited
(CM_SM_SWITCH_PRVAPP.SCP). This prevents a CM user from starting CM
with possible wrong level of access.
Ciao,
Simon
| |||||