Dear Gerry ......

There was a May '04 post from Genyphyr Novak/SSA [inserted below] about their OGS fix. It works, but the 'README' content mentioned by Genyphyr demands a very time-consuming implementation effort. That makes the BMR approach much too expensive ... even for BPCS users that have already paid the OGS invoice.

Unbeaten Path has invented an approach that mitigates every dimension of the 'Adopted Rights' BPCS security problem. It's a pre-packaged service at a very low fixed price. It's called 'Batten Down the Hatches'
http://unbeatenpathintl.com/battendown/source/1.html

Here's a pre-BPCS-fix/post-BPCS-fix internal control confirmation process your auditor would like:

+> Run our 'Bill of Health Security Diagnostics and Rx for OS/400' software before fixing the BPCS security hole. Bill of Health would report a very large number of serious BPCS vulnerabilities (it just about lights up the side of the building).

+> After BPCS security has been 'fixed,' run another Bill of Health report. This time you should get a "CLEAN" Bill of Health (at least with respect to the BPCS environment).

+> Then prospectively, each time some sensitive aspect about your system changes or someone important leaves your company, run Bill of Health again to quickly identify any "net change" in your system security profile that demands attention.

A fully functional 'Bill of Health' demo is available.
http://www.unbeatenpathintl.com/BOH/source/1.html

Peace to you,

Bob Kohlndorfer
Unbeaten Path International
North America: (888) 874-8008
International: (262) 681-3151
contactus@xxxxxxxxxx
www.upisox.com

+++++++ +++++++ +++++++ +++++++ +++++++ +++++++

From: gerry harris
To: BPCS-L@xxxxxxxxxxxx
Sent: Wednesday, February 02, 2005 8:30 AM
Subject: [BPCS-L] Adopted Rights

Hello

V61.01 MM

Is it true when Users sign-on to BPCS they automatically adopt *All authorities to all BPCS objects?

I searched in your archives and noticed some previous postings concerning this issue. Someone mentioned SSA had BMRs and white papers to correct this issue. Unfortunately our shop has a NO-OGS policy.

Is there a quick way to correct this issue without re-inventing the wheel?

Thanks

+++++++ +++++++ +++++++ +++++++ +++++++ +++++++

From: Genyphyr Novak
To: SSA's BPCS ERP System
Sent: Tuesday, May 04, 2004

<snip>

... there are BMRs which allow the securing of the command line in BPCS so that the user has the same authorities to objects both inside and outside of BPCS from a command line. The BPCS programs and database can then be secured so that users have no authority to see/call them unless they are using a BPCS program and the BPCS program performs the call or looks at or changes the data (the SSA Group Profile on the iSeries user profile would actually be removed at that stage).

I have mentioned this in past posts (in more detail) so check the archives - the BPCS database and programs can be secured so that users have no ability to run programs or see data unless they are in the BPCS environment. If you contact the iSeries OnePoint support team, they can give you further details. There is a README provided with the BMR which explains the steps required to implement this type of user/object security in BPCS.

Thanks,

Genyphyr Novak
SSA Global R&D
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].