Al

Can you explain more about the queries you build and exactly what files did you run them against? Seems what you are doing is somehow what I need to do... I need to map all the sec files on BPCS and find out exactly what users are using which files/menus etc.. and also, which users have access to additional menus located in files like ZMM, ZMA, ZMO, etc.

Also, if you have a list of what each Z* file has.. that would be great!

I know about pentasafe.. we tried it here too.. not too good not too bad.. I prefer tools like Visual Message Center.. real time monitoring...

BTW I'm in Bristol-Myers Mexico :)

Cheers

Al Mac wrote:

> You cannot get at the stuff that relates to permission for your company to
> use BPCS itself (SSA license) unless you want to go to jail.
>
> Look at the Z* files layout ... ZMA ZSC etc. also some of the ZPA records
> Use Query/400 or some such tool to create your own reference charts:
> Who all has access to ORD General Ledger etc.
> I have one that lists all the menus that selected range of users have
> access to & where they come in priority on their respective menu lists.
> I have another that lists for some range of program options, what all menus
> they show up on.
> I use these when I am told to setup some new user with all the same stuff
> as another specified user, with a few variations.
>
> Parsing the ZSC file is a bit of a pain.
> I have not done it, but approach I might suggest
> dump all the non-blank fields into a humongous array, then sort what you
> have dumped (SORTA)
>
> What I have done, is to create a dummy user in which all the Yes/No fields
> populated not by Y/N but by letters of the alphabet associated with the
> BPCSDOC standards identifying the application, then have a Query/400 that
> charts those core rules putting that dummy user on top to make that part of
> the chart somewhat readable.
>
> Another thing I was interested in was what all programs update some file,
> or call some program. I did not want to use XRF of BPCS because it has
> some extremely severe security problems. So I have an *OUTFILE built from
> IBM GO CMDREF that creates a cross-reference of BPCS programs that do the
> calling and what they call, then I can do a Query/400 inquiry against
> that. It not get everything due to soft-coding, but it good enough for my
> purposes.
>
> I also have a job that puts IBM 400 profile data into an *OUTFILE then I
> run Query/400 against that.
>
> Say ... we almost neighbors ... I work in Evansville Indiana, where
> Bristol-Myers has one of its AS/400 offices.
>
> There is an outside vendor tool ... it used to be from www.pentasafe.com
> but they went through some change in company, and I not up on the product
> naming ... we got a demo of this at an AS/400 user meeting in Evansville,
> and if I am not mistaken, I believe it was Bristol-Myers Evansville that
> had it installed. Designed primarily for Auditors, it looks at your
> overall security standards, and there are versions of it specifically for
> AS/400, Windoze, Unix, Linux, you name it, and yes there is one tailored
> for BPCS (I not remember which versions).
>
> Basically it looks for things like people with easily guessable passwords
> (without telling hacker with this tool which they are), not changed in
> eons, security officer able to sign on over unsecured Internet connections,
> a large collection of security checks, that usually are beyond the
> technical expertise of most of us, then gives a non-technical report how
> our security compares to various industry standards.
>
> UPI has a product (they'll pay me a commission if you buy it and give me
> credit) in which you can specify specific fields of specific files that you
> want to track, such as prices for parts, or formula of which chemicals to
> use in manufacturing that QC checks, or any other sensitive things, then it
> tells you everyone who messed with that and which programs they used to
> mess with it, and you can sort it various ways ... e.g. let's see who all
> accessed the General Ledger, using programs other than those that came with
> BPCS ... or let's see who all changed ITE rules or other tailoring, did
> some transactions under the changed rules, then changed them back to what
> they were before (think embezzlement audit trail).
>
> I have also been looking into some security topics that are outside
> BPCS/400 ... we can discuss off-line if you interested.
>
> -
> Al Macintyre http://www.ryze.com/go/Al9Mac
> Find BPCS Documentation Suppliers
> http://radio.weblogs.com/0107846/stories/2002/11/08/bpcsDocSources.html
> BPCS/400 Computer Janitor at http://www.globalwiretechnologies.com/
>
> >Guys..
> >
> >Is there a way or a tool to get all the security related
> >permission on BPCS?
> >
> >I'm trying to find out to what pgms each user has access (like
> >parsing the zsc file) and also, to what external programs they
> >have access thru menu maintenance/additional menus/not core menus?
> >
> >Is there such a tool for this or a way to get a complete report
> >as to what a user has access to or a reports that shows who has
> >access to each program?
> >
> >Thx for your help.
> >
> >
> >--
> >Anton Krall
> >IT Security Officer
> >Bristol-Myers Squibb Mexico
> >
> >Tel. Directo: 5337-2620
> >Conmutador: 5337-2800
> >Email: anton.lopez-krall@xxxxxxx
> _______________________________________________
> This is the SSA's BPCS ERP System (BPCS-L) mailing list
> To post a message email: BPCS-L@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/bpcs-l
> or email: BPCS-L-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/bpcs-l.

--
Anton Krall
IT Security Officer
Bristol-Myers Squibb Mexico
Tel. Directo: 5337-2620
Conmutador: 5337-2800
Email: anton.lopez-krall@xxxxxxx
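
The reference charts discussed in this thread (what each user can run, who holds each program, and how a user set up "the same as" another actually differs), as an added example that is not part of either poster's message and is not BPCS or SSA code. It assumes the per-user Y/N security flags have already been exported to CSV with one row per user; the real ZSC layout is not given on this page, so the column names and sample rows are constructed placeholders.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export: one row per user, one Y/N column per program.
# Column names are made-up placeholders, not real ZSC field names.
SAMPLE_EXPORT = """USERID,ORD01,ORD02,INV01,ACP01,GLD01
ALICE,Y,Y,N,N,N
BOB,Y,N,Y, ,N
CAROL,Y,Y,N,Y,Y
"""

def load_access(text, key="USERID"):
    """Return {user: set of programs}, keeping only fields flagged Y."""
    access = {}
    for row in csv.DictReader(io.StringIO(text)):
        user = row[key].strip()
        access[user] = {col for col, val in row.items()
                        if col != key and (val or "").strip().upper() == "Y"}
    return access

def by_program(access):
    """Invert the map: for each program, the sorted list of users holding it."""
    holders = defaultdict(list)
    for user, programs in access.items():
        for program in programs:
            holders[program].append(user)
    return {p: sorted(users) for p, users in sorted(holders.items())}

def compare_users(access, model, candidate):
    """Show where a user set up 'the same as' a model user actually differs."""
    return {"missing": sorted(access[model] - access[candidate]),
            "extra": sorted(access[candidate] - access[model])}

if __name__ == "__main__":
    access = load_access(SAMPLE_EXPORT)
    for user, programs in sorted(access.items()):
        print(f"{user:8} {' '.join(sorted(programs))}")
    for program, users in by_program(access).items():
        print(f"{program:8} {', '.join(users)}")
    print(compare_users(access, model="ALICE", candidate="BOB"))
```

Blank and N fields are both treated as no access, so a row with unpopulated flags does not inflate a user's entitlements in the report.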
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].