|
Hi Al, As delivered, BPCS CD objects should have been owned by user SSA. It was recommended that the BPCS users be given a Group ID of SSA with Owner of GRPPRF, and that set up should cause any object these users create to be owned by SSA. Perhaps some users with a different Group ID created objects and put them into the BPCS environment? As regards authority lists, I am not sure exactly what you mean by that - under the recommended security set-up, any user in BPCS would still have authority to all the objects and data due to the SSA Group Profile as long as SSA owned them. If someone else owned the object, then it would be a matter of whether or not that user ID or the SSA Group was authorized to the object, and also what the object itself had set as PUBLIC authority or any lists on the individual object. Perhaps someone has tried to use authorization lists and different user IDs in your environment in an attempt to secure source files or sensitive data from prying eyes? I should also mention that this is Group ID is no longer the only way to set up BPCS security, on new releases such as V6.x and V8. While the original way that BPCS was delivered definitely worked, it gave the administrator no way to secure the database from outside SQL or DBU changes - all users have the authority to change the database under this set-up and if there are PCs on site, this can be done via downloading and uploading data to a PC database - even if the user has no command line access on green screen. With either V8 *BASE release, or in any V6.x release using BMR 51582, security can be set up in BPCS using a combination of Adopted Authority and AS/400 security settings so that users will only be able to change BPCS data files via running BPCS (or other properly owned) programs, and not through any raw SQL/DBU command line or ODBC interface. README documents and install instructions explain the procedures to use the new security set up. Thanks, Genyphyr Novak SSA GT ----- Original Message ----- From: <MacWheel99@aol.com> To: "BPCS Users Discussion Group" <BPCS-L@midrange.com> Sent: Wednesday, January 16, 2002 4:18 AM Subject: BPCS Object Ownership > Check out today's MIDRANGE_L archive threads on > > Authority Issue & > listing of objects and their owners > > This revealed a possible risk of objects being created in BPCS libraries that > should belong to the group, but in fact do not, and one possible cause of > this is an error is adopted authority settings. > > I tried WRKOBJ *ALL objects of OBJTYPE(*AUTL) which identifies all objects > that are controlled by an authority list & we have a bunch ... some IBM > objects whose function I not yet know, *TEST, Conversion, and main source > code. > > My question is whether native BPCS 405 CD is supposed to have any authority > lists. > > My suspicion is that some outside consultants messed with some of our stuff > in error, I not want to point any fingers, I just want to fix it if it is not > supposed to be there. > > I had occasion recently to restore BPCS files from our backup, thanks to an > oops with a new program to clean out a few hundred thousand records coded for > deletion, that do not go away with any vanilla action & I printed audit trail > just in case ... lo & behold, there are several objects that do not belong to > SSA ... I am pretty sure I know how that happened & I will fix the objects I > know about. > > MacWheel99@aol.com (Alister Wm Macintyre) (Al Mac)
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
