|
> From: hason@pbsvb.cz (PBS Velka Bites, a.s. - AIS) > > AS400 BPCS v.6.004, mixed mode from Al Macintyre 405 CD mixed mode > Hi guys, > I had to create user (technician) with no authorizations to BPCS programs, > except SYS013C - workstation data area maintenance. > I have not succeded yet to give him authorization by SYS600. > It seems the single SYS programs authorization is done somehow differently? > > Thanks > Otto I have found that the SYS programs authorization is done pretty much the same way as all the other programs authorization, but there are some nuances ... this program calls that program ... if SYS-NO & individual stuff yes, then it ALL has to be identified that they need into ... in other areas I can say MRP-NO MRP300 MRP-other yes & people run those jobs & they call other jobs & they don't bomb. You have to be reading the second level help text on this stuff, especially the try & why did it fail ... and you have to be able to tell the difference between a BPCS error message & an IBM error message ... in areas of security violations they can look very similar. I have found it productive to take 2 approaches to extending specific narrow SYS authority to people who are considered to have technician responsibilities. Approach # 1 using 3 sessions me & the technican 1. I walk through the function we want to give the technician, with some JOBLOG capturing, and step by step look at what is in the job stack, figuring that all of that stuff is needed & adjust SYS600 accordingly 2. there is a session on SYS600 tweaking what the technician has access to 3. The technician sign-on is doing what I am doing in session -1 step by step until it fails - study the messages, adjust security accordingly, back up and try again Other times, we have the technician try, capture the error message, I study it, adjust security, ask the technician to try again. We have found in some cases that we have to make the technician somewhat higher than an ordinary *USER in IBM security, and there are some BPCS functions that can only be accessed by making EVERYONE a Master Security Officer & we decided that we did not want those functions since that was the price. Approach # 2 ... there is stuff that we get to via SYS short-cut, where we want technician to be able to get to that stuff but not have 100% SYS access implied by being able to use that short cut, and even though you can bypass the short-cuts by knowing the names of the menus & other menu navigation aids, there is sometimes the desire not to show a technician all this stuff that is available but we are not letting you touch it, thus I have a BPCS User Menu called FXS which means FIXES that all our technicians & power users can get to ... it has copies of fix options copied from vanilla menus that are filled with really dangerous stuff, that we don't want anyone trying to fool with. You might also check out the official SSA documentation on this topic that comes with the BPCS system... ours are in DOC = SSARUN92 SSALOG00 and SECURITY Al Macintyre +--- | This is the BPCS Users Mailing List! | To submit a new message, send your mail to BPCS-L@midrange.com. | To subscribe to this list send email to BPCS-L-SUB@midrange.com. | To unsubscribe from this list send email to BPCS-L-UNSUB@midrange.com. | Questions should be directed to the list owner: dasmussen@aol.com +---
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
