× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. BPCS-L
  3. June 2004

Re: DB2 Users

Roger,

You're forgetting PCs. The command line solution only works when there are only 
dumb terminals. As soon as you introduce PCs into the equation, BPCS users with 
traditional membership of the SSA group profile have ALL access to all the BPCS 
Database files. So in theory they could change or delete them.

Some users (mainly pharmaceutical ones) have solved this by changing the way 
BPCS security works, and using 'adopted authority' (another iSeries security 
feature) instead of the Group profile. But it's a lot of work to set up. Other 
users have made use of 'Exit programs' - another iSeries feature that also 
needs a lot of work. Other users have given their biggest ODBC users (usually 
the accounts dept) profiles that are not part of the SSA group for PC work, and 
hoped that the other BPCS users don't have enough PC knowledge to do any damage 
(this will not pass the auditors though!!)

You also need to ensure the PCs themselves are controlled - with standard 
software and settings and policies.
 
Hope this helps,

Clare

Clare Holtham
Director, Small Blue Ltd - Archiving for BPCS
Web: www.smallblue.co.uk  
IBM Certified AS/400 Systems Professional 
E-Mail: Clare.Holtham@xxxxxxxxxxxxxx
Mobile: +44 (0)7960 665958
  ----- Original Message ----- 
  From: Roger.Henady@xxxxxxxxxx 
  To: SSA's BPCS ERP System 
  Sent: Wednesday, June 09, 2004 10:11 PM
  Subject: RE: DB2 Users


  Have BPCSMENU be the initial program and *Signoff the initial menu for 
  your BPCS users.     Then limit their capabilities.   If the user can not 
  get to the command line how can the run a query or sql?


  Roger Henady



  "Reinardy, James" <jreinardy@xxxxxxxxxxxxxxx> 
  Sent by: bpcs-l-bounces@xxxxxxxxxxxx
  06/09/2004 03:55 PM
  Please respond to
  "SSA's BPCS ERP System" <bpcs-l@xxxxxxxxxxxx>


  To
  "SSA's BPCS ERP System" <bpcs-l@xxxxxxxxxxxx>
  cc

  Subject
  RE: DB2 Users






  Pardon my ignorance of iSeries security concepts here.  All of our BPCS
  users are grouped with the SSA profile as recommended.  If I understand
  your comment correctly, this allows them full access to the DB2 files
  while logged into BPCS.  Does it also allow full access from other tools
  like AS400 query and ODBC? 

  If so, that is where we perceive our problem to be.  We are being
  pressured to control access to the files through means other than the
  BPCS screens, even for users within the SSA profile.  Is this possible?

  Thanks for replying,

  Jim

  -----Original Message-----
  From: bpcs-l-bounces@xxxxxxxxxxxx [mailto:bpcs-l-bounces@xxxxxxxxxxxx]
  On Behalf Of RKHBIT@xxxxxxx
  Sent: Wednesday, June 09, 2004 3:44 PM
  To: bpcs-l@xxxxxxxxxxxx
  Subject: Re: DB2 Users

  Jim, if you followed SSA's recommendation and grouped your BPCS users
  with the SSA profile then as long as the SSA profile has authority the
  user grouped with SSA will have the necessary authority while executing
  any BPCS  object.
   
  Utilizing objects outside of BPCS to process the files would also work
  for those users grouped with the SSA profile.  Users not grouped with
  the SSA profile would require the group attributes to be set to the SSA
  profile or to be individually included with each files authority list or
  profiles. 

  Richard Kent  Hamilton

  Business Information Technology,  Inc.
  Phone (812)883-9180
  _RKHBIT@xxxxxxxx (http://RKHBIT@xxxxxxx/) _BITECHUSA.COM_
  (http://www.bitechusa.com/) 



  _______________________________________________
  This is the SSA's BPCS ERP System (BPCS-L) mailing list
  To post a message email: BPCS-L@xxxxxxxxxxxx
  To subscribe, unsubscribe, or change list options,
  visit: http://lists.midrange.com/mailman/listinfo/bpcs-l
  or email: BPCS-L-request@xxxxxxxxxxxx
  Before posting, please take a moment to review the archives
  at http://archive.midrange.com/bpcs-l.


  _______________________________________________
  This is the SSA's BPCS ERP System (BPCS-L) mailing list
  To post a message email: BPCS-L@xxxxxxxxxxxx
  To subscribe, unsubscribe, or change list options,
  visit: http://lists.midrange.com/mailman/listinfo/bpcs-l
  or email: BPCS-L-request@xxxxxxxxxxxx
  Before posting, please take a moment to review the archives
  at http://archive.midrange.com/bpcs-l.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.