DSXchange

I should be able to define a set of no storage locations on disk. DataStage should check these setting in Globals and locally if defined to make sure that NO USER can write to these locations. These location might include installation locations, etc...

If I say,
NO_STORAGE_LOCATION_1=/dstage

Then, no user can write anything from any stage explicitly by selecting a said location of /dstage or lower. For example, /dstage/seq.txt Nope, you cannot store in that location. /dstage/abc/def.ds, nope you cannot store in location.

In addition, DataStage should not allow any user to navigate to such a location either. It should be filtered out.

Thanks.

DS should obey the OS security rules. Having another layer in a tool like DS opens doors to other problems.

eostic wrote:DS should obey the OS security rules. Having another layer in a tool like DS opens doors to other problems.

Yes, it should definately obey the OS security rule. In addition, I'd like it to obey these rules due to how Universe requires file permissions on the projects.

Thanks.

I think you missed Ernie's point. DataStage does obey the OS rules, particularly permissions. So it suffices to protect your "no storage" locations with operating system permissions and, probably, rigorous developer management practices.

This thread and this companion thread seem to be arguing for a "storage search list" - something akin to PATH and LD_LIBRARY_PATH, but for storage. I discussed this off line with the OP, who agrees with that assessment - that storage could only be allocated in directories in the search path or in its subdirectories.

From that dialogue I understand that he's managing (or herding cats) in a large project in which developers come and go, and seeks mechanisms for inviolably exerting management control over what they do.