× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. BPCS-L
  3. February 2005

Re: Adopted Rights

Hello Gerry,

BPCS is shipped with all of the objects owned by the Group Profile SSA.
Normally all BPCS users are set up as members of the SSA group profile. This
gives them access to all of the BPCS objects with all rights. This system
worked well in the past when users only had green screens, as they could be
restricted from command line use. They could only access BPCS via the menus.
However, if your users have PCs, then this could be dangerous as they could
potentially access a BPCS file via something like MSAccess, and they would
be able to change or delete it, either deliberately or accidentally.
To prevent this happening, you could restrict BPCS users to green screen
apps, and give any that needed PC access (finance usually) separate user ids
that were not members of the SSA profile.
Or you could change the way things work by using 'adopted authority'
(another AS/400 term). To do this you would need to change a couple of
programs in BPCS, and then remove the SSA profile from your users. SSA have
a document that details how this can be done, or you could get help from us
(if you are in Europe), or someone like Unbeaten Path (if you are in the US)
at www.unbeatenpathintl.com
who also have some other Security oriented products.
The other issue to watch out for is (what happens at many BPCS sites) where
your SSA group profile has *Secofr authority (it only need have *User). Here
you could be giving your users access not only to accidentally deleting BPCS
files, but also to accidentally doing a power down sys or similar!!

Hope this helps,

Clare

Clare Holtham
Director, Small Blue Ltd - Archiving for BPCS
Web: www.smallblue.co.uk
IBM Certified iSeries Systems Professional
Email: Clare.Holtham@xxxxxxxxxxxxxxx

----- Original Message ----- 
From: "gerry harris" <harris_ger@xxxxxxxx>
To: <BPCS-L@xxxxxxxxxxxx>
Sent: Wednesday, February 02, 2005 2:30 PM
Subject: [BPCS-L] Adopted Rights


>
> Hello
>
> V61.01 MM
>
> Is it true when Users sign-on to BPCS they automatically adopt *All
authorities to all BPCS objects.
>
> I searched in your archives and noticed some previous postings concerning
this issue. Someone mentioned SSA had BMRs and white papers to correct this
issue.
>
> Unfortunately our shop has a NO-OGS policy. Is there a quick way to
correct this issue without re-inventing the wheel?
>
> Thanks
>
>
>
>
> ---------------------------------
> Post your free ad now! Yahoo! Canada Personals
> -- 
> This is the SSA's BPCS ERP System (BPCS-L) mailing list
> To post a message email: BPCS-L@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/bpcs-l
> or email: BPCS-L-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/bpcs-l.
>
> Delivered-To: Clare.Holtham@xxxxxxxxxxxxxx
>

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.