Hi Genyphyr, Thank you so much for getting back to me. I recently read one of your responses in the archives, which helped a lot (subject: Re: BPCS- Adopted Authority). Prior to receiving your response, I actually did all these things (except download the V8.1 install instructions... I'll do that next). I'm currently working w/ the help desk, "inquiry" 2122, on opening a BPCD bmr version of 51582 so I may get the compiled version of certain "SYS" programs; I do have the readme text... Unfortunately, I was just informed that "This would be entered as a E (enhancement) bmr and would be hard to get completed on BPCD". If you have any pull or if anyone else out there is having the same problem... Please advise. Thanks. DeeDee Virgei Nelson Stud Welding, Inc. 7900 West Ridge Rd Elyria, OH 44036 -----Original Message----- From: Genyphyr Novak [mailto:firstname.lastname@example.org] Sent: Wednesday, September 25, 2002 4:53 PM To: email@example.com Subject: Re: Group Profile Security Hi Dee Dee, The attribute you are changing is a Group Job attribute. The group job is what you see when you press the ATTN key and start another job from a WRKACTJOB job screen. You'd see your job where the ATTN key was pressed with a '+' sign next to it. Use F14 to show the group jobs under the first interactive job. Batch jobs by definition can't be group jobs, since there is no display file to bring up another session. This does not reset group profile security for the user. I suggest that you download the V8.1 install instructions from OGS Online to read the appendix dealing with securing the database in BPCS. This explains how programs compiled with user profile *OWNER and the proper set up of BPCS file objects will eliminate the need for the SSA Group profile on the individual BPCS users profiles. This can then secure your data files from users running queries outside BPCS or trying to look at files from a PC ODBC connection etc.. If done correctly, the BPCS files would then only be able to be directly accessed through running a BPCS program or if the user in question was part of a special authorization list for that file, or if the user in question had *ALLOBJ authority on the system. Also check out BMR 51582 done on other BPCS releases. You would need to get the security programs for BPCS CD sent to you compiled with User Profile *OWNER to make this all work properly (since you can not recompile those yourselves). You could request the actions done for this BMR on V6.x be completed for BPCS CD (contact Support Center AS/400 Technical team for this and request they escalate the new BMR). The other issue to watch out for is command line access from within BPCS. You'll want to make sure that users don't inherit the authority and then do what they want to the files from the command line. In V6.x releases, BMR 57230 (6100 80) and 62640 (6004) were completed to secure the BPCS command line from adopting inappropriate authorities. If you own source, this is an easy change to do yourself, by just making sure a separate program calls the command line (or any system function which brings up a command line, such as WRKSPLF) and the separate program is compiled with as User Profile *USER and Adopt Authority (from previous call level) *NO. Thanks, Genyphyr Novak SSA GT R&D ----- Original Message ----- From: "DeeDee Virgei" <DeeDee.Virgei@nelsonstud.com> To: <firstname.lastname@example.org> Sent: Monday, September 23, 2002 11:17 AM Subject: Group Profile Security > > Hi All, > > We are looking to beef up our BPCS (4.05 CD) security. More specifically, > I'm planning to change our users group profiles to "*NONE" (in place of > SSA); then, I plan to add "CHGGRPA GRPJOB(SSA)" command to the BPCSMENU > program. After testing one profile, I found this works if the user runs > everything interactively. However, I run into security violations when the > user runs any of the BPCS jobs in batch mode; the group profile attribute > apparently does not carry over to jobs stemming from the interactive > session/job... Has anyone run into this situation -- appreciate any input. > Thanks. > > DeeDee Virgei > Nelson Stud Welding, Inc. > 7900 West Ridge Rd > Elyria, OH 44036 > _______________________________________________ This is the SSA's BPCS ERP System (BPCS-L) mailing list To post a message email: BPCS-L@midrange.com To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/cgi-bin/listinfo/bpcs-l or email: BPCS-Lemail@example.com Before posting, please take a moment to review the archives at http://archive.midrange.com/bpcs-l.
As an Amazon Associate we earn from qualifying purchases.
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.