|
GO ASSIST select messages to send, put cursor on who you sending message to, F4 prompt and scroll. Ignore the Q-people who are IBM owners of various kinds of 400 objects. You will probably have some other kinds of dummy sign-ons that your Security staff will know about. I figured out what API was being used to get at that GO ASSIST option to send one message to any or all users, and added it to our BPCS user menus so that end users did not need command line authority for the GO ASSIST options. Take a look at the AS/400 SECURITY Manuals or sign on as the security officer and GO CMDSEC, GO CMDPRF, GO CMDAUT ... there are various different ways you can list all users, with statistics on when they last signed on, how long since they changed their password, what types of 400 security they have. Many of them also have *OUTFILE support. In the short term, inside the window that GO CLEANUP keeps the data, DSPLOG will help you see who signed on in the last few days, and what they sent to JOBQ. You can cursor on lines F1 to see message ids, jot them down, then DSPLOG F4 F10 to second screen and select ONLY text lines of particular message ids that interest you. I have written a CL program to extract just the lines relating to security violations, and other glitches that I want to stay on top of. I am using Security Auditing, but have not explored all the options available (I have not strayed from my current agenda). Do you have message queue SYSMSGQ? If you create one, OS/400 will copy there what is now buried in SYSOPRQ that IBM considers real serious (listed in the WORK Management Manual) ... you can also go into WRKSYSVAL and designate other message queues for various other types of error messages, such as all that hardware communication connection junk, so as to organize 400 messages by category and make it easier to drill down to the ones you really need to see. More info about this kind of thing in MDRANGE-L archives. When matching *OUTFILE with ZSC, be sure to include all BPCS environments. You might also include 400 security officers, because sometimes consultants use 400 security officer to look at BPCS data instead of using the front door of BPCS. Look at everyone who can get into BPCS, not just who is setup to get in. RUNQRY *N then any file name = a quick eyeball at what is in that file ... do that with each of the Z* files ... that is how I found where BPCS stored info on who may access which BPCS User Menu options, from which I constructed Query/400 lists of who has security access to which menus & options. We can always review one menu's security, or the security on one person, but this gave me a big picture for security management. Depending on your company policy for cleaning up spool files (ours is DO NOT KILL AUDIT TRAILS UNTIL AFTER YOUR UPDATES HAVE GONE THROUGH BACKUP), the odds are that anyone who recently was doing anything in BPCS other than simple inquiry, has left some evidence of their visitation in the spool file. WRKUSRJOB F4 & explore different options.
Hello, Is there a way i can compile a list of all users? or last sign on/active dates? We are on 6.002. and i am new to BPCS. Thank you in advance. Juan Robledo Programmer Analyst ________
Al Macintyre BPCS/400 Computer Janitor at http://www.globalwiretechnologies.com/ Al at home http://ryze.org/view.php?who=Al9Mac Find BPCS Documentation Suppliers http://radio.weblogs.com/0107846/stories/2002/11/08/bpcsDocSources.html
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
