Microsoft KB Archive/158775: Difference between revisions

From BetaArchive Wiki
(importing KB archive)
 
m (Text replacement - """ to """)
 
Line 99: Line 99:


</div>
</div>
In the above configuration example, a single instance of &quot;3270POOL&quot; is granted to the Domain Users group, while three instances of &quot;3270POOL are granted to JohnDoe.<br />
In the above configuration example, a single instance of "3270POOL" is granted to the Domain Users group, while three instances of "3270POOL are granted to JohnDoe.<br />
<br />
<br />
When a 3270 emulator is started, it requests the user's 3270 record by calling the SNA Server client &quot;sepdcrec&quot; function. The SNA client then returns a data structure (tecwrkus) to the 3270 emulator (documented in the &quot;SNA Server Emulator Interface Guide,&quot; Chapter 6: &quot;Configuration Information&quot;), including:
When a 3270 emulator is started, it requests the user's 3270 record by calling the SNA Server client "sepdcrec" function. The SNA client then returns a data structure (tecwrkus) to the 3270 emulator (documented in the "SNA Server Emulator Interface Guide," Chapter 6: "Configuration Information"), including:
* list of 3270 LUs assigned to the user or group (cwsesdat[10] and cwremap[] list)
* list of 3270 LUs assigned to the user or group (cwsesdat[10] and cwremap[] list)
* maximum number of active sessions to allow (cwmaxses)
* maximum number of active sessions to allow (cwmaxses)
* number of sessions for this user (cwnumrec)
* number of sessions for this user (cwnumrec)


If JohnDoe starts a 3270 session, the SNA client returns three instances of &quot;3270POOL&quot; to the 3270 emulator (even if JohnDoe is a member of the Domain Users group). The emulator should allow up to three instances of &quot;3270POOL&quot; to be opened, but no more.<br />
If JohnDoe starts a 3270 session, the SNA client returns three instances of "3270POOL" to the 3270 emulator (even if JohnDoe is a member of the Domain Users group). The emulator should allow up to three instances of "3270POOL" to be opened, but no more.<br />
<br />
<br />
If a user is a member of the Domain Users group, and a 3270 session is started, the SNA client returns a single instance of &quot;3270POOL&quot; to the 3270 emulator. The emulator should only allow a single instance of the pool to be opened by the user.<br />
If a user is a member of the Domain Users group, and a 3270 session is started, the SNA client returns a single instance of "3270POOL" to the 3270 emulator. The emulator should only allow a single instance of the pool to be opened by the user.<br />
<br />
<br />
The third-party products discussed here are manufactured by vendors independent of Microsoft; we make no warranty, implied or otherwise, regarding these products' performance or reliability.
The third-party products discussed here are manufactured by vendors independent of Microsoft; we make no warranty, implied or otherwise, regarding these products' performance or reliability.

Latest revision as of 10:14, 21 July 2020

Knowledge Base


3270 emulator fails to enforce SNA user/group assignments

Article ID: 158775

Article Last Modified on 2/22/2007


APPLIES TO

  • Microsoft SNA Server 2.0
  • Microsoft SNA Server 2.1
  • Microsoft SNA Server 3.0
  • Microsoft SNA Server 3.0 Service Pack 4
  • Microsoft SNA Server 4.0
  • Microsoft SNA Server 4.0 Service Pack 4
  • Microsoft Host Integration Server 2000 Standard Edition
  • Microsoft Host Integration Server 2000 Service Pack 1


This article was previously published under Q158775

SUMMARY

The following problems have been observed by various third party 3270 emulation products when being used with SNA Server:

  1. A User is allowed to open multiple instances of same pool


When you assign a single pooled 3270 LU to a user or group using the SNA Server Administrator program or SNA Server Manager, the 3270 emulator being used should not allow the user to open multiple sessions through a single instance of the pool. However, in some cases it does allow the user to open multiple instances of the pool.

This problem has been observed with some third-party emulators that do not closely follow the SNA Server 3270 Emulator Interface Specification. SNA Server does not prevent the emulator from attempting to open multiple instances of a single pooled LU, because the client may be communicating through multiple SNA Servers.

To grant access to multiple pooled sessions, the administrator must grant multiple instances of a pooled LU to the user or group.

The following products are known to exhibit this problem:

    • IBM Personal Communications/3270 v4.0 (fix available from IBM)
    • Attachmate Extra! Personal Client v6.1 (32-bit)
  2. A User is allowed to manually enter a 3270 LU or pool to open


Some emulators allow the user to manually configure the 3270 LU name or pool name for a user to open. However, this circumvents the User/Group/Workstation 3270 LU assignments configured on the SNA Server. While a user will not be allowed to open an LU that they do not have access to on the server, the emulator should only display a list of LU's assigned to the user (which the emulator retrieves by calling the sepdcrec() SNA client API function).


MORE INFORMATION

The following describes issue #2 in more detail:

The administrator grants access to 3270 LU's to users or groups.

In SNA Server Admin (2.x) or Manager (3.x) you may have the following configured, for example:

LU Pool:

  • 3270POOL: 3270 LU pool name
  • contains multiple 3270 LU's of same type, from multiple connections and/or servers

NTDOMAIN\Domain Users

Session 1: 3270POOL


NTDOMAIN\JohnDoe

Session 1: 3270POOL
Session 2: 3270POOL
Session 3: 3270POOL


In the above configuration example, a single instance of "3270POOL" is granted to the Domain Users group, while three instances of "3270POOL are granted to JohnDoe.

When a 3270 emulator is started, it requests the user's 3270 record by calling the SNA Server client "sepdcrec" function. The SNA client then returns a data structure (tecwrkus) to the 3270 emulator (documented in the "SNA Server Emulator Interface Guide," Chapter 6: "Configuration Information"), including:

  • list of 3270 LUs assigned to the user or group (cwsesdat[10] and cwremap[] list)
  • maximum number of active sessions to allow (cwmaxses)
  • number of sessions for this user (cwnumrec)

If JohnDoe starts a 3270 session, the SNA client returns three instances of "3270POOL" to the 3270 emulator (even if JohnDoe is a member of the Domain Users group). The emulator should allow up to three instances of "3270POOL" to be opened, but no more.

If a user is a member of the Domain Users group, and a 3270 session is started, the SNA client returns a single instance of "3270POOL" to the 3270 emulator. The emulator should only allow a single instance of the pool to be opened by the user.

The third-party products discussed here are manufactured by vendors independent of Microsoft; we make no warranty, implied or otherwise, regarding these products' performance or reliability.


Additional query words: prodsna

Keywords: kb3rdparty kbprb kbprogramming kbusage KB158775



Send feedback to Microsoft

© Microsoft Corporation. All rights reserved.


Retrieved from ‘https://www.betaarchive.com/wiki/index.php?title=Microsoft_KB_Archive/158775&oldid=327816
the Creative Commons 3.0 ShareAlike (except the Microsoft KB Archive).
Powered by MediaWiki