× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. BPCS-L
  3. November 2006

Re: Reg : printer Session Restriction.

1. I think this is more a question for MIDRANGE-L or the SECURITY400 discussion group than BPCS-L.
2. One approach might be to setup a naming convention for printers so it is pretty obvious what department they are in, and to designate the spool files and printers as being owned by secondary security groups, that are also named so it is pretty obvious what is the group of accounting, production, purchasing, customer service, and so forth.
You will probably need to have an ISO procedure to manage the movement of devices across departments.
For example, suppose user-X with laptop shows up in dept-Y and plugs into the network there ... should user-X have access to dept-Y printers, because of convenient location, or be banned from access on basis of something other than standard naming conventions, which most any user can easily change at the workstation level.
Or suppose the printer in shipping breaks down, and needs to be repaired, so while waiting on that, the shipping dept has an urgent need to use another printer, and perhaps one being used by the factory reprint shop orders is best suited for this purpose, but no one in the shipping dept has authority to access that printer, so you have to have a procedure to implement substitution pretty darn fast, because the company not want to be doing hand written shipping documents.
Everyone in accounting dept is put into the accounting security group, which owns all the places that accounting reports are going to end up, and similarly for other departments. Existing reports would be going to spool files that the people in the depts have access to, then they can move their reports from their spool to the dept shared spool.
Depending on the structure of your company, you may have people who work several job functions ... engineering and production maintenace ... customer service and planning ... sales analysis and planning ... customer service and forecasting, etc. so some people will need to be in multiple security groups.
You need to figure out what you going to do about managers, who might have legitimate access to ALL dept reports. I believe there is a ceiling on how many groups a person can be in, and they can also do a performance hit.
These should be new names that no BPCS reports are currently going to, since you not want to bomb existing software, by in essence saying that anyone who runs this or that software, if they have not yet been setup in the relevant group, will cause that software to bomb because it is trying to output itself to a place the person running it does not have authority to.
Ultimately you may want to modify workstation control rules by user, so all their stuff is going to the OUTQ corresponding to the dept where they do most of their work, and you might want to change BPCS security so orxdinary users cannot change their workstation defaults in BPCS. Otherwise some curious person might change their defaults to printer in some dept whose data you consider to be rather confidential.
Several vendors that subscribe to BPCS-L have enhancements to BPCS security management ... you might ask if any of them have enhancements that are specific to report management. It may be that there is a plug in to do what you want. There's one enhancement that controls at the customer level, because if you have customer-A accessing your system to see where we are on work we doing for them, we might not want them to see what we are doing for customer-B. Well one of the security enhancements solves that granularity. 


Hello Everybody,

I need a help. We are wroking Os V5R3 on I series have Client Access and
application BPCS Ver. 8.2   .

We are trying to restrict the Printer Session to different Users. (Like
Accounts Dept Users should not access Purchase Dept Printer Session) Vice
Versa.
Can anyone help me out on how to limit the Printer session to Different
Departments.

Thanks a lot in advance.

Regards,
Vishu
<snip> confidentiality notice inapplicable to an Internet discussion group.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.