


Anything is possible ... the issue is how much trouble to program this.

An RPG program can call a CL program or another RPG program.
The function of the called program is to look up the security rules, user profile, application security, whatever, and return a code regarding permission to access something.

e.g. ordinary users are not allowed to view profit = price minus cost data
e.g. users assigned to a particular facility, are only allowed to view records associated with that facility, unless there is a code by the user, giving them access to more.

If you want to enforce such rules, then you need to have a broader look at your total security enforcement.

Example: we had an accounting lady several years ago who would go into the computer room and lock the door because she was printing something she thought was highly confidential. This made people very curious, so people with command line access would key in WRKSPLF her name, or WRKOUTQ the printer in there, and look on screen at the report she was printing.

I suggested to management that I alter the spool rules so that her stuff goes into a different OUTQ than the one shared with the rest of the office & I was told not needed ... apparently this was a quirk of the lady, not something her boss thought was that confidential.

Take a look at your application security.

Ours has a whole bunch of things we may or may not want people into,
so there is like an array on each user-name

They can get into General Ledger, or not
They can view Cost Data, but not update it
They have access to only certain branches

This means that different people running the same identical programs are going to have different mixtures of stuff they can access.

Then programs at execution time ... the user tries to get into GL, or Costs, or this or that branch, and the program calls the security check program ... may this user get into that stuff, yes or no, with the calling program giving the user an error message if they try to access something they are not allowed to.

The security program also sends a message to the security message queue, listing each instance of someone trying to violate security. We can then sort those messages on users, violations, etc. so if there's a lot of the same kind, then that's a tip-off that there needs to be more user training, or ask the boss of the users involved, if those people are supposed to get an upgrade in their access privileges.

This kind of security is absolutely critical when you go out on the Internet.

Suppose you have files on the work you are doing for various customers.
They can be customer order files, work in progress production files, engineering specification files, accounting status files.

You want any given customer to be able to view the data in your computer system on the work you are doing on behalf of them, the status of their orders, the status of $ they owe you. But you do not want any customer to see this info on some other customer.

Excellent answer and thank you so much.


I have one more question, maybe it is a stupid one but I just wanted to check:

Q: If one file (say File1) has 30 records, I need to select records based on branch and also need to provide access only to that branch's users (the idea is that one branch's records should not be accessed by another branch's people, though all branches' data is available in a single file. How do we restrict data at record level?).
As per my knowledge it is not possible to restrict users at record level, but if anyone has a better idea to do this particular one, it will be great.



Thanks,
Raghu


-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Loyd Goodbar
Sent: Thursday, 2 October 2008 12:18 PM
To: Midrange Systems Technical Discussion
Subject: Re: Need to restrict users on data transfer using Client Access.

The easiest way I've found is via group membership. Create a group profile, such as NODOWNLOAD, NOUPLOAD, or NOTRANSFER, depending on what you want to restrict. Fire up iSeries Navigator. Expand Users and groups, select the group and go into Properties. Click on the Capabilities button, then the Applications tab, then select the Client Applications pulldown. There you can expand the various client options and make the desired changes.

HTH,
Loyd

On Wed, Oct 1, 2008 at 7:57 PM, Beeram, Raghunath Reddy <
Raghunath.Beeram@xxxxxxxxxx> wrote:

> Hi,
>
> Can any one answer to the above subject question please
>
> Thanks,
>
> Ragghu
>
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
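
The called security-check program described in the top reply, carried through to the branch-level record filtering asked about in the follow-up question. This is an added example modelled in Python, not code from the thread or from any IBM i program; the profile layout, the denial codes and every name in it (`PROFILES`, `check_access`, `visible_records`, `violation_summary`, the `*ALL` marker) are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample data: each user carries a set of application permissions.
# "*ALL" models the extra code that grants access beyond the user's own branch.
PROFILES = {
    "ALICE": {"areas": {"GL": "UPDATE", "COST": "UPDATE"}, "branches": {"*ALL"}},
    "BOB":   {"areas": {"COST": "VIEW"}, "branches": {"B01"}},
}
SECURITY_MSGQ = []  # stands in for the security message queue


def branch_allowed(profile, branch):
    return "*ALL" in profile["branches"] or branch in profile["branches"]


def check_access(user, area, action, branch=None):
    """Return "OK" or a denial code. Unknown input is denied; denials are logged."""
    profile = PROFILES.get(user)
    if profile is None:
        code = "NOUSER"
    elif action not in ("VIEW", "UPDATE"):
        code = "BADACT"
    elif area not in profile["areas"]:
        code = "NOAREA"
    elif action == "UPDATE" and profile["areas"][area] != "UPDATE":
        code = "NOUPD"
    elif branch is not None and not branch_allowed(profile, branch):
        code = "NOBRANCH"
    else:
        return "OK"
    SECURITY_MSGQ.append({"user": user, "area": area, "action": action,
                          "branch": branch, "code": code})
    return code


def visible_records(user, area, records):
    """Record-level restriction: return only the rows of a shared file that
    belong to a branch the user may see. Filtering itself logs no violation."""
    if check_access(user, area, "VIEW") != "OK":
        return []
    profile = PROFILES[user]
    return [r for r in records if branch_allowed(profile, r["branch"])]


def violation_summary():
    """Count logged denials per (user, code) to spot training or access gaps."""
    return Counter((m["user"], m["code"]) for m in SECURITY_MSGQ)


# Constructed sample file holding rows for several branches.
ORDERS = [{"id": 1, "branch": "B01"}, {"id": 2, "branch": "B02"},
          {"id": 3, "branch": "B01"}]
```

The filter is only effective if every path to the file goes through it; a user who can reach the underlying file directly bypasses the check.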






This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
