I should be able to define a set of no storage locations on disk. DataStage should check these setting in Globals and locally if defined to make sure that NO USER can write to these locations. These location might include installation locations, etc...
If I say,
NO_STORAGE_LOCATION_1=/dstage
Then, no user can write anything from any stage explicitly by selecting a said location of /dstage or lower. For example, /dstage/seq.txt Nope, you cannot store in that location. /dstage/abc/def.ds, nope you cannot store in location.
In addition, DataStage should not allow any user to navigate to such a location either. It should be filtered out.
Thanks.
No storage locations should be able to defined.
-
- Participant
- Posts: 407
- Joined: Mon Jun 27, 2005 8:54 am
- Location: Walker, Michigan
- Contact:
DS should obey the OS security rules. Having another layer in a tool like DS opens doors to other problems.
Ernie Ostic
blogit!
<a href="https://dsrealtime.wordpress.com/2015/0 ... ere/">Open IGC is Here!</a>
blogit!
<a href="https://dsrealtime.wordpress.com/2015/0 ... ere/">Open IGC is Here!</a>
-
- Participant
- Posts: 407
- Joined: Mon Jun 27, 2005 8:54 am
- Location: Walker, Michigan
- Contact:
Yes, it should definately obey the OS security rule. In addition, I'd like it to obey these rules due to how Universe requires file permissions on the projects.eostic wrote:DS should obey the OS security rules. Having another layer in a tool like DS opens doors to other problems.
Thanks.
Last edited by Ultramundane on Mon Jun 21, 2010 5:06 pm, edited 1 time in total.
-
- Participant
- Posts: 54607
- Joined: Wed Oct 23, 2002 10:52 pm
- Location: Sydney, Australia
- Contact:
I think you missed Ernie's point. DataStage does obey the OS rules, particularly permissions. So it suffices to protect your "no storage" locations with operating system permissions and, probably, rigorous developer management practices.
IBM Software Services Group
Any contribution to this forum is my own opinion and does not necessarily reflect any position that IBM may hold.
Any contribution to this forum is my own opinion and does not necessarily reflect any position that IBM may hold.
-
- Participant
- Posts: 54607
- Joined: Wed Oct 23, 2002 10:52 pm
- Location: Sydney, Australia
- Contact:
This thread and this companion thread seem to be arguing for a "storage search list" - something akin to PATH and LD_LIBRARY_PATH, but for storage. I discussed this off line with the OP, who agrees with that assessment - that storage could only be allocated in directories in the search path or in its subdirectories.
From that dialogue I understand that he's managing (or herding cats) in a large project in which developers come and go, and seeks mechanisms for inviolably exerting management control over what they do.
From that dialogue I understand that he's managing (or herding cats) in a large project in which developers come and go, and seeks mechanisms for inviolably exerting management control over what they do.
IBM Software Services Group
Any contribution to this forum is my own opinion and does not necessarily reflect any position that IBM may hold.
Any contribution to this forum is my own opinion and does not necessarily reflect any position that IBM may hold.