DSXchange: DataStage and IBM Websphere Data Integration Forum
View next topic
View previous topic
Add To Favorites
Author Message
Ultramundane
Participant



Joined: 27 Jun 2005
Posts: 407
Location: Walker, Michigan
Points: 3669

Post Posted: Sun Jun 20, 2010 6:31 pm Reply with quote    Back to top    

I should be able to define a set of no storage locations on disk. DataStage should check these setting in Globals and locally if defined to make sure that NO USER can write to these locations. These location might include installation locations, etc...

If I say,
NO_STORAGE_LOCATION_1=/dstage

Then, no user can write anything from any stage explicitly by selecting a said location of /dstage or lower. For example, /dstage/seq.txt Nope, you cannot store in that location. /dstage/abc/def.ds, nope you cannot store in location.

In addition, DataStage should not allow any user to navigate to such a location either. It should be filtered out.

Thanks.
eostic

Premium Poster



Group memberships:
Premium Members

Joined: 17 Oct 2005
Posts: 3825

Points: 30845

Post Posted: Mon Jun 21, 2010 6:14 am Reply with quote    Back to top    

DS should obey the OS security rules. Having another layer in a tool like DS opens doors to other problems.

_________________
Ernie Ostic

blogit!
Open IGC is Here!
Rate this response:  
Not yet rated
Ultramundane
Participant



Joined: 27 Jun 2005
Posts: 407
Location: Walker, Michigan
Points: 3669

Post Posted: Mon Jun 21, 2010 6:44 am Reply with quote    Back to top    

eostic wrote:
DS should obey the OS security rules. Having another layer in a tool like DS opens doors to other problems.

Yes, it should definately obey the OS security rule. In addition, I'd like it to obey these rules due to how Universe requires file permissions on the projects.

Thanks.


Last edited by Ultramundane on Mon Jun 21, 2010 5:06 pm; edited 1 time in total
Rate this response:  
Not yet rated
ray.wurlod

Premium Poster
Participant

Group memberships:
Premium Members, Inner Circle, Australia Usergroup, Server to Parallel Transition Group

Joined: 23 Oct 2002
Posts: 54546
Location: Sydney, Australia
Points: 295766

Post Posted: Mon Jun 21, 2010 4:57 pm Reply with quote    Back to top    

I think you missed Ernie's point. DataStage does obey the OS rules, particularly permissions. So it suffices to protect your "no storage" locations with operating system permissions and, probably, rigorous developer management practices.

_________________
IBM Software Services Group
Any contribution to this forum is my own opinion and does not necessarily reflect any position that IBM may hold.
Rate this response:  
Not yet rated
ray.wurlod

Premium Poster
Participant

Group memberships:
Premium Members, Inner Circle, Australia Usergroup, Server to Parallel Transition Group

Joined: 23 Oct 2002
Posts: 54546
Location: Sydney, Australia
Points: 295766

Post Posted: Mon Jun 21, 2010 8:19 pm Reply with quote    Back to top    

This thread and this companion thread seem to be arguing for a "storage search list" - something akin to PATH and LD_LIBRARY_PATH, but for storage. I discussed this off line with the OP, who agrees with that assessment - that storage could only be allocated in directories in the search path or in its subdirectories.

From that dialogue I understand that he's managing (or herding cats) in a large project in which developers come and go, and seeks mechanisms for inviolably exerting management control over what they do.

_________________
IBM Software Services Group
Any contribution to this forum is my own opinion and does not necessarily reflect any position that IBM may hold.
Rate this response:  
Not yet rated
Display posts from previous:       

Add To Favorites
View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



Powered by phpBB © 2001, 2002 phpBB Group
Theme & Graphics by Daz :: Portal by Smartor
All times are GMT - 6 Hours