×
The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.
You cannot get at the stuff that relates to permission for your company to
use BPCS itself (SSA license) unless you want to go to jail.
Look at the Z* files layout ... ZMA ZSC etc. also some of the ZPA records
Use Query/400 or some such tool to create your own reference charts:
Who all has access to ORD General Ledger etc.
I have one that lists all the menus that selected range of users have
access to & where they come in priority on their respective menu lists.
I have another that lists for some range of program options, what all menus
they show up on.
I use these when I am told to setup some new user with all the same stuff
as another specified user, with a few variations.
Parsing the ZSC file is a bit of a pain.
I have not done it, but approach I might suggest
dump all the non-blank fields into a humongous array, then sort what you
have dumped (SORTA)
What I have done, is to create a dummy user in which all the Yes/No fields
populated not by Y/N but by letters of the alphabet associated with the
BPCSDOC standards identifying the application, then have a Query/400 that
charts those core rules putting that dummy user on top to make that part of
the chart somewhat readable.
Another thing I was interested in was what all programs update some file,
or call some program. I did not want to use XRF of BPCS because it has
some extremely severe security problems. So I have an *OUTFILE built from
IBM GO CMDREF that creates a cross-reference of BPCS programs that do the
calling and what they call, then I can do a Query/400 inquiry against
that. It not get everything due to soft-coding, but it good enough for my
purposes.
I also have a job that puts IBM 400 profile data into an *OUTFILE then I
run Query/400 against that.
Say ... we almost neighbors ... I work in Evansville Indiana, where
Bristol-Myers has one of its AS/400 offices.
There is an outside vendor tool ... it used to be from www.pentasafe.com
but they went through some change in company, and I not up on the product
naming ... we got a demo of this at an AS/400 user meeting in Evansville,
and if I am not mistaken, I believe it was Bristol-Myers Evansville that
had it installed. Designed primarily for Auditors, it looks at your
overall security standards, and there are versions of it specifically for
AS/400, Windoze, Unix, Linux, you name it, and yes there is one tailored
for BPCS (I not remember which versions).
Basically it looks for things like people with easily guessable passwords
(without telling hacker with this tool which they are), not changed in
eons, security officer able to sign on over unsecured Internet connections,
a large collection of security checks, that usually are beyond the
technical expertise of most of us, then gives a non-technical report how
our security compares to various industry standards.
UPI has a product (they'll pay me a commission if you buy it and give me
credit) in which you can specify specific fields of specific files that you
want to track, such as prices for parts, or formula of which chemicals to
use in manufacturing that QC checks, or any other sensitive things, then it
tells you everyone who messed with that and which programs they used to
mess with it, and you can sort it various ways ... e.g. let's see who all
accessed the General Ledger, using programs other than those that came with
BPCS ... or let's see who all changed ITE rules or other tailoring, did
some transactions under the changed rules, then changed them back to what
they were before (think embezzlement audit trail).
I have also been looking into some security topics that are outside
BPCS/400 ... we can discuss off-line if you interested.
-
Al Macintyre http://www.ryze.com/go/Al9Mac
Find BPCS Documentation Suppliers
http://radio.weblogs.com/0107846/stories/2002/11/08/bpcsDocSources.html
BPCS/400 Computer Janitor at http://www.globalwiretechnologies.com/
Guys..
Is there a way or a tool to get all the security related
permission on BPCS?
Im trying to find out to what pgms each user has access (like
parsing the zsc file) and also, to what external programs they
have access thru menu maintenance/aditional menus/not core menus?
Is there such a tool for this or a way to get a compelte report
as to what a user has access to or a reports that shows who has
access to each program?
Thx for your help.
--
Anton Krall
IT Security Officer
Bristol-Myers Squibb Mexico
Tel. Directo: 5337-2620
Conmutador: 5337-2800
Email: anton.lopez-krall@xxxxxxx
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact
[javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
