• Subject: RE: BPCS Security Concepts
  • From: Jon Le Roi <jonleroi@xxxxxxxxxxx>
  • Date: Tue, 20 Jul 1999 07:39:22 -0700

I do not think this is unique to the cliet server version nor just to BPCS.
MAPICS, Pansophic and BPCS all have a program that allows create, delete,
update and display of the master records for things like customers, vendors
and items. Every company I have worked for has written a unique version of
these programs to limit it to view only; a simple process but silly that it
is not provided as part of the package.

Regards,
Jon Le Roi



At 08:36 AM 7/20/99 -0500, you wrote:
>Based on the responses so far, I think the problems I have with update vs.
>inquiry security must be unique due to the fact that we are client/server.
>We are able to limit access by program with no problem.  So we don't allow
>people access to month-end programs, and we can limit their access to
>programs that are inquiry only, like INV300 and CST300 without any problem.
>Our problem happens on things like the vendor master, customer  master, or
>item master.  We can't give people access to just display the information.
>There is a file command in the menu bar at the top of the window that allows
>them to choose between create, copy, revise, delete, and display functions.
>We cannot limit which function they choose.
>
>
>Martha Bayer
>Badger Mining Corporation
>920-361-2388
>mbayer@badgerminingcorp.com
>
>
>       -----Original Message-----
>       From:   MacWheel99@aol.com [SMTP:MacWheel99@aol.com]
>       Sent:   Monday, July 19, 1999 3:21 PM
>       To:     BPCS-L@midrange.com
>       Subject:        Re: BPCS Security Concepts
>
>       > Subj: RE: BPCS Security - More information
>       >  From:        mbayer@badgerminingcorp.com (Martha Bayer)
>
>       >  We're on 6.0.02 CS AS/400.  We were told by SSA consultants that
>update vs.
>       >  inquiry security may be available in version 7.0.  I wonder how
>many others
>       >  think this is an important feature?  Has any one found a way
>around it?
>
>       Update vs. Inquiry security is available in version 405 CD - did it
>go away 
>       in V6 or am I not understanding something?
>
>       My understanding of this is that INQUIRY is where people can view
>data via 
>       INV300 SFC350 CST300 etc. while update means people can run jobs
>that update 
>       the BPCS data base such as ORD500 JIT600 etc.
>
>       One headache with 405 CD security is the group security is an all or
>nothing 
>       everyone same rules, so to offer different IBM rules to some user
>sub-groups, 
>       we have to risk a performance hit by having secondary user groups.
>
>       Another headache is that we have users who have had to be granted
>command 
>       line authority, and been shown how to do some support tunctions for
>narrow 
>       reasons, then used their know-how & access in ways I consider quite 
>       dangerous, like DFU vs. BPCS file contents.
>
>       > Subj: Re: BPCS Security - More information
>       >  From:        mkamara@krupsusa.com
>       >  
>       >   We're on 6.0.04 MM,  AS/400 720 V4R3 and new to BPCS.  We are a
>       >  wholesale/distribution company in the US.  I have set up basic
>security
>       >  given access to the modules based on departments.  I will like to
>have a
>       >  tighter control without affecting performance where some users
>will update
>       >  capabilities and others have inquiry only.
>
>       Check BPCS Documentation - there is an outline of how the security
>works.
>
>       Whatever consultant helped you get setup might have additional 
>       reccommendations on this topic.  Take a look at how work station
>defaults are 
>       changed & if you want end users doing that.  Who should be making
>changes to 
>       BPCS User Menus?  Does every module have a manager who decides who
>all should 
>       have what kind of access to which areas?  Usually the department
>head says 
>       anyone can inquire into our stuff but only people in our department
>ought to 
>       be changing the contents & here is a list of users in our
>department.  Some 
>       data is more sensitive than others, such as profit margins.  Do you
>want or 
>       need people to be able to manipulate / view the contents of other
>people's 
>       reports?
>
>       Check BPCS_L archives for remarks I made on BPCS Security several
>months ago.
>
>       The things that were the major conceptual stumbling blocks for my
>project 
>       team personnel regarding comprehending security issues.
>
>       1. The SFC600 Module List works on basis of OPPOSITES.
>
>       Some people we have coded NO to all modules, then down below listed
>just the 
>       programs we want them to be able to run, such as some inquiries &
>pop-up 
>       menus.
>
>       These people are coded N in the list of modules, so that the
>programs listed 
>       below are what are YES for them.
>
>       Some people we want them to be able to do just about anything in a
>particular 
>       module, such as SFC & JIT, but we say NO to end-of-month stuff like
>SFC905 & 
>       JIT900.
>
>       Those folks are coded Y for the overall modules - so that the stuff
>down 
>       below on that module are the NO exceptions we do not want them to
>get into 
>       for whatever reason.
>
>       2. Anyone can make a mistake & take a wrong menu option & get into
>trouble - 
>       for example we had some people taking some end-of-month options &
>trying to 
>       exit & in their frustration, causing unwanted updates.
>
>       As the block of opposites grows, and as people's security needs to
>be 
>       changed, we want to keep the picture easy to read, so we organize
>the stuff 
>       generally A to Z left to right & 1 to 10 top to bottom.
>
>       3. A query can have any name, but to run it from BPCS Menu, it needs
>to be 
>       named logically within the BPCS naming conventions, avoid risk of
>conflict 
>       with future PTF, and fit within the security rules.  Our
>modifications & 
>       queries use the 3 letter prefix of ORD INV etc. but by the 6th
>character have 
>       shifted alphabetical.  We have some power users who create queries,
>create 
>       the CL to run them, and put the CL on BPCS User Menus.  This
>capability 
>       requires command line authority, right SYS stuff for the menus, IBM 
>       Programmer Authority to compile the CL, and support to cross library
>lists 
>       when copying a query between 2 different environments.
>
>       4. We can muck with additional rules on how BPCS Security functions,
>and 
>       change IBM commands, but let's not add to the complexity of Security
>if we do 
>       not want to make this a full time job.
>
>       On IBM Security - you might want to make the first place people go =
>the BPCS 
>       Menu for their environment, then the second place where they go,
>when they F3 
>       out of BPCS to be *SIGNOFF, so only people who know how with either
>command 
>       line authority, or other stuff, can get into OS/400 menus.
>
>       We are in constant struggle of WHY DOES THIS PERSON NEED COMMAND
>LINE 
>       AUTHORITY?  The main reason is they were taught how to do something
>by 
>       someone who did not think computer security was especially
>important, and are 
>       now more comfortable navigating via that method than the vanilla
>menus.
>
>       We have created CL for BPCS User Menu to do many of the things that
>people 
>       said were the reasons why they needed access to IBM Menus.
>
>       I hope this helps
>
>       Al Macintyre
>       +---
>       | This is the BPCS Users Mailing List!
>       | To submit a new message, send your mail to BPCS-L@midrange.com.
>       | To subscribe to this list send email to BPCS-L-SUB@midrange.com.
>       | To unsubscribe from this list send email to
>BPCS-L-UNSUB@midrange.com.
>       | Questions should be directed to the list owner: dasmussen@aol.com
>       +---
>+---
>| This is the BPCS Users Mailing List!
>| To submit a new message, send your mail to BPCS-L@midrange.com.
>| To subscribe to this list send email to BPCS-L-SUB@midrange.com.
>| To unsubscribe from this list send email to BPCS-L-UNSUB@midrange.com.
>| Questions should be directed to the list owner: dasmussen@aol.com
>+---


+---
| This is the BPCS Users Mailing List!
| To submit a new message, send your mail to BPCS-L@midrange.com.
| To subscribe to this list send email to BPCS-L-SUB@midrange.com.
| To unsubscribe from this list send email to BPCS-L-UNSUB@midrange.com.
| Questions should be directed to the list owner: dasmussen@aol.com
+---


This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available here. If you have questions about this, please contact [javascript protected email address].