> Subj: ** BPCS System/36 4.4B to AS400 BPCS 6.1Mixed Mode **
> From: Forwiw@aol.com (Sandy)

One of the sub-topics of BPCS conversion - getting it right - is OS/400 security.

Even if you do the conversion as security officer there are still security problems.

Our AS/436 was installed at security level 40 on the advice of our IBM hardware partners. We had to take it down to level 30 to get BPCS 405 to work --- interestingly BPCS S/36 ran fine at level 40 --- it is an open question at what security level the SSA conversion tools are designed to run --- I suspect that those at the low end will only work at the security level that the vanilla software of BPCS 2.0 ran when that was a valid BPCS version.

In other words, if your system is at security level 40, you may need to take it down to 30 during the conversion, which raises a number of other issues with your system's integrity. For example, internet firewalls need security level 40. Any objects created on an AS/400 get rules associated with the system's security level at time of creation & changing security level does not necessarily change all the rules you want changed.

A key question is who should own the data at the far end of the conversion & who should have access to it. If this topic is not addressed early in the conversion, you could end up with a ton of security issues with access to the converted data.

At Central Industries, user profile SSA owns the BPCS data. Our users are members of SSA security group, in which any objects that we create belong, by default, to the group & anyone in the group may access any of them. Several power users have figured out how to over-ride the defaults, then they ask me how to have other people access the stuff they created.

I found it expedient to create several conversion profiles that were both members of the SSA group and were full Master Security Officers - I would use them in rotation for conversion re-tries, studying the job logs associated with failed attempts for clues.

I also found it expedient to create an extra QBATCH2 JOBQ in QBATCH set up to ALWAYS generate a JobLog even on successful runs, because when something fails within SSA software, IBM does not always know that it is a failure, and we do not get a JobLog. We need JobLogs to trace at what point SSA conversion failed, because there are messages that you either do not see on the screen, or do not comprehend the full significance of at the time they occurred. There is such a huge pile of BS messages that it is easy to ignore them, then only dig into the detail when a conversion step produced garbage.

During the conversion, I always tried to remember to signoff via SIGNOFF *LIST to force a joblog from my interactive session, which was easy to delete after I had finished verifying that nothing went wrong on that try.

IBM has some security standards & recommendations that BPCS thumbs its nose at - you will find the IBM classes & manuals teaching a set of paradigms at considerable odds with SSA standards - don't let this throw you.

BPCS V6 works at IBM security level 40
BPCS V4 works at IBM security level 30

We can pay SSA to do modifications so that V4 will work at security level 40, but this also costs us SSA help line support, as discussed elsewhere.

Since SSA conversion tools were originally created for Versions that did not work at security level 40, it is reasonable to conclude that they also do not work there, at least through the 2.0.09 stage. This might be a question to put to your SSA account representative. What is the highest IBM security level that SSA conversion will work at, at each stage? - from S/36 to 2.0, from 2.0 to 2.0.09, from 2.0.09 to 6.1, applying CD.

You also need to check on what security level your system is at. WRKSYSVAL *SEC - I don't remember which one - check your IBM Security Manuals, or just scroll through the settings. If you are at security level 20, then this is probably not a problem for you, but most AS/400 sites are at 30 or 40.

Hoping that you find my tips to be on target.

Al Macintyre

+---
| This is the BPCS Users Mailing List!
| To submit a new message, send your mail to BPCS-L@midrange.com.
| To subscribe to this list send email to BPCS-L-SUB@midrange.com.
| To unsubscribe from this list send email to BPCS-L-UNSUB@midrange.com.
| Questions should be directed to the list owner: dasmussen@aol.com
+---
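Added example, not part of the message above and not SSA or IBM supplied code: a CL program that records the current security level and submits one conversion step so that a job log is always kept, the two checks the post describes. The names QGPL/CNVJOBD, CNVLIB/CNVSTEP and the SEQNBR value are assumptions, and the always-log behaviour is set here through a job description's LOG parameter, which is one way to get it and not necessarily how the author's QBATCH2 was configured.

```cl
/* Added example. CNVJOBD, CNVLIB/CNVSTEP and SEQNBR(60) are hypothetical. */
PGM
  DCL VAR(&SECLVL) TYPE(*CHAR) LEN(2)

  /* QSECURITY holds the system security level (10, 20, 30, 40 or 50).    */
  /* Writing it to the job log ties every conversion attempt to the level */
  /* the system was running at when that attempt was made.                */
  RTVSYSVAL SYSVAL(QSECURITY) RTNVAR(&SECLVL)
  SNDPGMMSG MSG('Conversion run started at QSECURITY ' *CAT &SECLVL)

  /* One-time setup: run these three commands once, then remove them.     */
  /* A separate job queue attached to the QBATCH subsystem.               */
  CRTJOBQ JOBQ(QGPL/QBATCH2) TEXT('Conversion runs, job log always kept')
  ADDJOBQE SBSD(QSYS/QBATCH) JOBQ(QGPL/QBATCH2) MAXACT(1) SEQNBR(60)

  /* LOG(4 00 *SECLVL): log every message at severity 00 and above with   */
  /* second-level text. A text value other than *NOLIST means the job log */
  /* is spooled even when the job ends normally. LOGCLPGM(*YES) also logs */
  /* the CL commands run, which helps find the step that went wrong.      */
  CRTJOBD JOBD(QGPL/CNVJOBD) JOBQ(QGPL/QBATCH2) +
          LOG(4 00 *SECLVL) LOGCLPGM(*YES) +
          TEXT('Conversion job description, full job log')

  /* Submit one conversion step through the always-log job description.   */
  SBMJOB CMD(CALL PGM(CNVLIB/CNVSTEP)) JOB(CNVSTEP) JOBD(QGPL/CNVJOBD)
ENDPGM
```

For an interactive session, `SIGNOFF LOG(*LIST)` is the keyword form of the SIGNOFF *LIST mentioned in the message, and `DSPSYSVAL SYSVAL(QSECURITY)` shows the security level without a program.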
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].