Atrium & Genie and users without command line access

[thutcheson]

We are currently enhancing our application to run within the Atrium framework and are rewriting a number of processes as Rich Display Files. However a number of our programs will remain as standard RPG and CL and will be served up within the Atrium tabs by using Genie.

We have set up an XML macro so that when we call one of the standard RPG programs with the Genie URL (and bypassing the signon using /auth) it goes through the inital pages and calls the program in question. This works fine for a user who logs on with command line access. However, it doesn't work for users who don't have command line access and are fed into a menu on logon. I am able to detect for the two different screens and take an action (e.g. if on menu screen, enter a menu #). However, I am at a loss on how to feed in a program call as a variable when there is no command line access.

One thought we had - create a prompt program to put on the menu that accepts a parameter and can call the program passed in - however, that somewhat bypasses the security and allows the user to make calls in green screen that they would not normally be able to make (assuming they could figure out what program to enter in the prompt).

Is there a best practice on how to address this situation without giving some form of command line access to users that shouldn't get access?

Thanks,
Tony

[Glenn]

One thought we had - create a prompt program to put on the menu that accepts a parameter and can call the program passed in - however, that somewhat bypasses the security and allows the user to make calls in green screen that they would not normally be able to make (assuming they could figure out what program to enter in the prompt).

Tony,

Your idea quoted above would work. You could add code to this program that would detect if the user is in Genie and allow the call to continue. If they are not in Genie it could show some sort of message or just return.

See the documentation here to check for Genie mode: http://www.profoundlogic.com/docs/displ ... Genie+mode

Glenn

[Scott Klement]

One idea is to make a *CMD with "Allow limited Users = Yes" in the command options. That will allow this command to be run from the command-line even for users who are "limited users" and so don't have command-line access. This is better than a prompt screen, because it doesn't have to "always come up" for the user, you can run it from the macro, and the user never knows about it. The command can then call the program.

Of course, this is still "security by obscurity" because if the user does find out about the command, they could bypass security.

One possible solution to that is to have this new *CMD that you build require a password. Don't tell the users the password, but have it coded into your Genie macro to send the password to the command. That way, the *CMD can really only be used by the Genie macro.

These are just thoughts from what I've seen other customers do.

The other option, of course, is to have the Genie macro navigate through your 5250 menu system and run the program as a menu option. That's really the way this was designed to work -- but most customers I've seen find that to be too *** when setting up Atrium, so fall back to an option like I describe above.

HTH