|
From Al Macintyre > From: logic_km@hotmail.com (kha lid) > We have BPCS 405 CD version on AS/400. We also > I want to give access of query/400 to my users. > But I don't want them to see beyond their scope. > For example sales department should not view GJD,GGM files etc. And other departments should not view credit card bills of sales department business trips, and some folks get snippy about who should be subtracting cost of goods from dollars billed to get profit then divide by quantity shipped to get percentage profit & other interesting numbers. But I think the really bad thing is when user-A creates a query that is flawed & giving out BAD DATA user-B uses the data as gospel & not have any idea how to tell what not right > Since group profile of each user is SSA which is the owner of all BPCS > objects including logical & physical files; hence it is not possible to > restrict any user to see beyond its scope. > > I have many users and it is not possible for me to create new account (with > limited access) for each user to restrict them with-in their scope. > > Any idea to over come this situation. Quite simply our solution is to have some people WE TRUST to cooperate with a SECURITY POLICY, and we have some Query Definition Libraries that are NOT in the SSA library list ... there is some CL that adds the relevant query library temporarily to the library list, runs a string of queries, then removes the library, then ends. The end user runs this off of a BPCS User Menu, in which the prefix to the job is in agreement with BPCS security. I created a secondary security group for the trusted group of query creators, so that they would be easily able to copy queries between library lists of different environments, and get the right files adjusted in these moves ... God forbid that anyone might create a query linking 2 environments. Queries that list the contents of General Ledger start with the letters GLD then they have some ALPHA characters so they won't conflict with anything from SSA, and by having GLD in front, only people who are authorized to run GLD stuff, by the SSA security, gets to run this Query. For every ONE person whom we have trusted with programmer authority (needed to compile the CL) there are TEN persons running the Query/400 CL that they have created. We also have more people who are competent at creating queries than we have who know all the stuff about getting the CL working good, and a large number who know how to add one of these CLs to the BPCS User Menu of choice, which of course we can limit through BPCS Security who allowed to do this, so basically we have enough people who are trusted to do certain things & get the job done, and a huge army of others actually using the queries but not having access to changing them, other than selection criteria at run time. The only holes in this game plan are the numbers of people whose bosses insist that they have to have command line authority & the numbers of high level managers who are eager to dive into Query without first learning the rules ... no matter how often I tell these people that there is a certain risk naming their Query program with some name like INV300C or their query work file with the name BPCS uses for Item Master, they do not seem to get it. We have been quite lucky so far, thanks to me forcing library list additions of queries to the bottom of the library list so any sabotage does not rise above the real thing. Al Macintyre ©¿© http://www.cen-elec.com MIS Manager Programmer & Computer Janitor +--- | This is the BPCS Users Mailing List! | To submit a new message, send your mail to BPCS-L@midrange.com. | To subscribe to this list send email to BPCS-L-SUB@midrange.com. | To unsubscribe from this list send email to BPCS-L-UNSUB@midrange.com. | Questions should be directed to the list owner: dasmussen@aol.com +---
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.