|
> From: jbpcs8@yahoo.com (J S) > Hello All, > We are having BPCS ver 4.03. > How does AS/400 adopted authority work and how to > disable adopted authority given by BPCS intial program > Jigs We are BPCS ver 4.05 CD which I suspect will be very similar o your reality. However, 4.03 is not native Y2K compliant so you must be using some non-SSA software to accomplish the same effect & that other software must have stuff that is not native SSA. You may need to talk with the vendor involved. 100% of BPCS users are in one humongous user group called SSA. With multiple environments you can have multiple groups - one per environment, but we are using the same execution software against different sets of files. This user group SSA owns all objects in BPCS - files & software. Now there is an upper limit imposed by IBM on how many objects one owner can have. All members of the user group have IBM ownership privileges bestowed upon them for all BPCS objects by virtue of being in the SSA user group. Any objects created by members of the group become owned by the group SSA. That is in IBM terms. There is also SSA security that dictates which BPCS programs may be run from BPCS menus by members of the group, and once in various programs what filters & transaction types they can mess with, and also which secondary menus they can even get to, but since everyone has ownership privileges to all BPCS objects, that means that if security or corporate lets them get to a command line or to a PC, they can do ANYTHING to any of the BPCS files, provided they figure out how to use the tools that are in abundance to do so. The BPCS initial program does a bunch of stuff, such as setting up the library list for the current environment & providing the humongous menu of menus. AS/400 adopted authority is not in this picture. As I understand adopted authority, there can be scenarios in which we want to do something in a program that normally is only authorized for some high security role, so a program can be setup to adopt that high security role until the program has completed executing, then the user's authority reverts to normal. A problem is that a savvy user, before the program with adopted authority has completed running, can do other stuff that is authorized to the high security role, other than what is built into the program. However, BPCS is not into that as far as I can tell. AS/400 security is a huge topic & you may need to explore other forums than BPCS_L. There are several manuals that I consider to be my bibles for AS/400 security & I believe there is no such thing as too much education on AS/400 security. Perhaps you need to spell out a little more why you think you need to disable a function that I do not believe is relevant to how BPCS security functions. MacWheel99@aol.com (Alister Wm Macintyre) (Al Mac) AS/400 Data Manager & Programmer for BPCS 405 CD Rel-02 mixed mode (twinax interactive & batch) @ http://www.cen-elec.com Central Industries of Indiana--->Quality manufacturer of wire harnesses and electrical sub-assemblies - fax # 812-424-6838 +--- | This is the BPCS Users Mailing List! | To submit a new message, send your mail to BPCS-L@midrange.com. | To subscribe to this list send email to BPCS-L-SUB@midrange.com. | To unsubscribe from this list send email to BPCS-L-UNSUB@midrange.com. | Questions should be directed to the list owner: dasmussen@aol.com +---
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
