Your 400 might have 100 user-ids that can access the 400. Your 400 security officer can get a list from GO SEC or other menus. I use DSPUSRPRF, F4, get *PRINT or some such command. Your ZSC file might have 55 of those user-ids that can access BPCS.

Do you have more than one BPCS environment? If you have a test environment and you have not used it in a while, better check that it does not have stuff in it that is no longer relevant to your reality. When we checked ours, we found that its ZSC file had security for people who had not been employed at our company for over a year.

I suggest you check your license ... does it say only 50 people allowed to access BPCS? I suggest you create a little program (we used Query/400) to list the people who have access to BPCS, and you also run some list off of IBM security ... who are all the people who have access to the 400? Turn those lists over to your Personnel or Human Resources dept for review.

What can happen at a company is that people are hired and terminated, but the computer department is only told "Please add this new person to computer security" and is not told "so and so is no longer with us, take them off of computer security", so you end up with people's names having access who are no longer with your company.

When you have got your security cleaned up (caught up), then there needs to be a review. Perhaps the size of your staff has changed thanks to how the economy has gone. We traded in a license for a lot of users, to get a cheaper number of users. Thus by SSAGT forcing us to do this audit, they lost money. Had we ignored security auditing, we would still be paying them for the larger license.

When you use BPCS security to delete someone's access, the record does not actually go away; it gets soft coded with a delete code. I wrote a teeny tiny program that goes through the ZSC file and, for every one that is coded delete, it actually removes the record from the file.

SSAGT was very reasonable with us.
We explained that we access the test education environment with a different sign-on, so for example there are sign-ons AL ALE, JERRY JERRYE, MIKE MIKEE, DAVE DAVEE, etc. Only one person there in each pair. Also ALS for AL doing security work, as opposed to accessing stuff that an ordinary user can do. There is only one AL, but AL has 7 different sign-ons with different mixtures of security for specialized stuff AL rarely does ... reason: AL often gets called away from desk and is still signed on, wants it left with something nothing special ... uses special sign-ons by signing on with it, doing whatever, signing off with it. But all those AL sign-ons can look suspicious to an auditor if no explanation is given.

Which applications have you paid for, and which are turned on in system parameters? Example ... WE ARE NOT USING CERTAIN APPLICATIONS, but we turned some stuff on so people could look at the help screens to help decide if we want to buy that or not ... well, we turned them off so there would be no misunderstandings during the audit, and in fact we have not turned them on again ... I don't think we will be getting more applications any time soon.
They look at the key to determine the installed products and look at the installed products screen in the system parameters. They query the ZSC file for users to determine if the number of license users has expired.

>>> email@example.com 09/10 6:32 AM >>>
Hallo all,

SSA promises to audit all of its BPCS clients. Do you have any experiences with it, or do you know how this audit is performed?

TIA
Franta
- Al Macintyre (firstname.lastname@example.org via Eudora) Al's diary http://radio.weblogs.com/0107846/