× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



Hi Al,

As delivered, BPCS CD objects should have been owned by user SSA. It was
recommended that the BPCS users be given a Group ID of SSA with Owner of
GRPPRF, and that set up should cause any object these users create to be
owned by SSA. Perhaps some users with a different Group ID created objects
and put them into the BPCS environment?

As regards authority lists, I am not sure exactly what you mean by that -
under the recommended security set-up, any user in BPCS would still have
authority to all the objects and data due to the SSA Group Profile as long
as SSA owned them. If someone else owned the object, then it would be a
matter of whether or not that user ID or the SSA Group was authorized to the
object, and also what the object itself had set as PUBLIC authority or any
lists on the individual object. Perhaps someone has tried to use
authorization lists and different user IDs in your environment in an attempt
to secure source files or sensitive data from prying eyes?

I should also mention that this is Group ID is no longer the only way to set
up BPCS security, on new releases such as V6.x and V8. While the original
way that BPCS was delivered definitely worked, it gave the administrator no
way to secure the database from outside SQL or DBU changes - all users have
the authority to change the database under this set-up and if there are PCs
on site, this can be done via downloading and uploading data to a PC
database - even if the user has no command line access on green screen.

With either V8 *BASE release, or in any V6.x release using BMR 51582,
security can be set up in BPCS using a combination of Adopted Authority and
AS/400 security settings so that users will only be able to change BPCS data
files via running BPCS (or other properly owned) programs, and not through
any raw SQL/DBU command line or ODBC interface. README documents and install
instructions explain the procedures to use the new security set up.

Thanks,

Genyphyr Novak
SSA GT
----- Original Message -----
From: <MacWheel99@aol.com>
To: "BPCS Users Discussion Group" <BPCS-L@midrange.com>
Sent: Wednesday, January 16, 2002 4:18 AM
Subject: BPCS Object Ownership


> Check out today's MIDRANGE_L archive threads on
>
> Authority Issue &
> listing of objects and their owners
>
> This revealed a possible risk of objects being created in BPCS libraries
that
> should belong to the group, but in fact do not, and one possible cause of
> this is an error is adopted authority settings.
>
> I tried WRKOBJ *ALL objects of OBJTYPE(*AUTL) which identifies all objects
> that are controlled by an authority list & we have a bunch ... some IBM
> objects whose function I not yet know, *TEST, Conversion, and main source
> code.
>
> My question is whether native BPCS 405 CD is supposed to have any
authority
> lists.
>
> My suspicion is that some outside consultants messed with some of our
stuff
> in error, I not want to point any fingers, I just want to fix it if it is
not
> supposed to be there.
>
> I had occasion recently to restore BPCS files from our backup, thanks to
an
> oops with a new program to clean out a few hundred thousand records coded
for
> deletion, that do not go away with any vanilla action & I printed audit
trail
> just in case ... lo & behold, there are several objects that do not belong
to
> SSA ... I am pretty sure I know how that happened & I will fix the objects
I
> know about.
>
> MacWheel99@aol.com (Alister Wm Macintyre) (Al Mac)




As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.