× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. BPCS-L
  3. December 2002

Re: User list???

GO ASSIST select messages to send, put cursor on who you sending message
to, F4 prompt and scroll.  Ignore the Q-people who are IBM owners of
various kinds of 400 objects.  You will probably have some other kinds of
dummy sign-ons that your Security staff will know about.

I figured out what API was being used to get at that GO ASSIST option to
send one message to any or all users, and added it to our BPCS user menus
so that end users did not need command line authority for the GO ASSIST
options.

Take a look at the AS/400 SECURITY Manuals or sign on as the security
officer and GO CMDSEC, GO CMDPRF, GO CMDAUT ... there are various different
ways you can list all users, with statistics on when they last signed on,
how long since they changed their password, what types of 400 security they
have.  Many of them also have *OUTFILE support.

In the short term, inside the window that GO CLEANUP keeps the data, DSPLOG
will help you see who signed on in the last few days, and what they sent to
JOBQ.  You can cursor on lines F1 to see message ids, jot them down, then
DSPLOG F4 F10 to second screen and select ONLY text lines of particular
message ids that interest you.  I have written a CL program to extract just
the lines relating to security violations, and other glitches that I want
to stay on top of.

I am using Security Auditing, but have not explored all the options
available (I have not strayed from my current agenda).

Do you have message queue SYSMSGQ?  If you create one, OS/400 will copy
there what is now buried in SYSOPRQ that IBM considers real serious (listed
in the WORK Management Manual) ... you can also go into WRKSYSVAL and
designate other message queues for various other types of error messages,
such as all that hardware communication connection junk, so as to organize
400 messages by category and make it easier to drill down to the ones you
really need to see.  More info about this kind of thing in MDRANGE-L archives.

When matching *OUTFILE with ZSC, be sure to include all BPCS
environments.  You might also include 400 security officers, because
sometimes consultants use 400 security officer to look at BPCS data instead
of using the front door of BPCS.  Look at everyone who can get into BPCS,
not just who is setup to get in.

RUNQRY *N then any file name = a quick eyeball at what is in that file ...
do that with each of the Z* files ... that is how I found where BPCS stored
info on who may access which BPCS User Menu options, from which I
constructed Query/400 lists of who has security access to which menus &
options.  We can always review one menu's security, or the security on one
person, but this gave me a big picture for security management.

Depending on your company policy for cleaning up spool files (ours is DO
NOT KILL AUDIT TRAILS UNTIL AFTER YOUR UPDATES HAVE GONE THROUGH BACKUP),
the odds are that anyone who recently was doing anything in BPCS other than
simple inquiry, has left some evidence of their visitation in the spool
file.  WRKUSRJOB F4 & explore different options.


Hello,
Is there a way i can compile a list of all users?
or last sign on/active dates?

We are on 6.002. and i am new to BPCS.

Thank you in advance.

Juan Robledo
Programmer Analyst

________

Al Macintyre
BPCS/400 Computer Janitor at http://www.globalwiretechnologies.com/
Al at home http://ryze.org/view.php?who=Al9Mac
Find BPCS Documentation Suppliers
http://radio.weblogs.com/0107846/stories/2002/11/08/bpcsDocSources.html

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.