|
Hello, Please note that some BMRs are available to help in setting up the Adopted Authority in BPCS and this is in fact the recommended practice for setting up BPCS authority on newer releases and is covered in the BPCS installation instructions. The old 'SSA Group' profile is simply too much of a security hole no matter how you slice it. Please contact the SSA support center iSeries technical team for information on the BMRs available for your release (not required on V8 and higher) for both the user of adopted authority and for locking down the command line in BPCS green screen. Thanks, Genyphyr Novak SSA Global On Thu, 10 Jun 2004, Clare Holtham wrote: > Roger, > > You're forgetting PCs. The command line solution only works when there are > only dumb terminals. As soon as you introduce PCs into the equation, BPCS > users with traditional membership of the SSA group profile have ALL access to > all the BPCS Database files. So in theory they could change or delete them. > > Some users (mainly pharmaceutical ones) have solved this by changing the way > BPCS security works, and using 'adopted authority' (another iSeries security > feature) instead of the Group profile. But it's a lot of work to set up. > Other users have made use of 'Exit programs' - another iSeries feature that > also needs a lot of work. Other users have given their biggest ODBC users > (usually the accounts dept) profiles that are not part of the SSA group for > PC work, and hoped that the other BPCS users don't have enough PC knowledge > to do any damage (this will not pass the auditors though!!) > > You also need to ensure the PCs themselves are controlled - with standard > software and settings and policies. > > Hope this helps, > > Clare > > Clare Holtham > Director, Small Blue Ltd - Archiving for BPCS > Web: www.smallblue.co.uk > IBM Certified AS/400 Systems Professional > E-Mail: Clare.Holtham@xxxxxxxxxxxxxx > Mobile: +44 (0)7960 665958 > ----- Original Message ----- > From: Roger.Henady@xxxxxxxxxx > To: SSA's BPCS ERP System > Sent: Wednesday, June 09, 2004 10:11 PM > Subject: RE: DB2 Users > > > Have BPCSMENU be the initial program and *Signoff the initial menu for > your BPCS users. Then limit their capabilities. If the user can not > get to the command line how can the run a query or sql? > > > Roger Henady > > > > "Reinardy, James" <jreinardy@xxxxxxxxxxxxxxx> > Sent by: bpcs-l-bounces@xxxxxxxxxxxx > 06/09/2004 03:55 PM > Please respond to > "SSA's BPCS ERP System" <bpcs-l@xxxxxxxxxxxx> > > > To > "SSA's BPCS ERP System" <bpcs-l@xxxxxxxxxxxx> > cc > > Subject > RE: DB2 Users > > > > > > > Pardon my ignorance of iSeries security concepts here. All of our BPCS > users are grouped with the SSA profile as recommended. If I understand > your comment correctly, this allows them full access to the DB2 files > while logged into BPCS. Does it also allow full access from other tools > like AS400 query and ODBC? > > If so, that is where we perceive our problem to be. We are being > pressured to control access to the files through means other than the > BPCS screens, even for users within the SSA profile. Is this possible? > > Thanks for replying, > > Jim > > -----Original Message----- > From: bpcs-l-bounces@xxxxxxxxxxxx [mailto:bpcs-l-bounces@xxxxxxxxxxxx] > On Behalf Of RKHBIT@xxxxxxx > Sent: Wednesday, June 09, 2004 3:44 PM > To: bpcs-l@xxxxxxxxxxxx > Subject: Re: DB2 Users > > Jim, if you followed SSA's recommendation and grouped your BPCS users > with the SSA profile then as long as the SSA profile has authority the > user grouped with SSA will have the necessary authority while executing > any BPCS object. > > Utilizing objects outside of BPCS to process the files would also work > for those users grouped with the SSA profile. Users not grouped with > the SSA profile would require the group attributes to be set to the SSA > profile or to be individually included with each files authority list or > profiles. > > Richard Kent Hamilton > > Business Information Technology, Inc. > Phone (812)883-9180 > _RKHBIT@xxxxxxxx (http://RKHBIT@xxxxxxx/) _BITECHUSA.COM_ > (http://www.bitechusa.com/) > > > > _______________________________________________ > This is the SSA's BPCS ERP System (BPCS-L) mailing list > To post a message email: BPCS-L@xxxxxxxxxxxx > To subscribe, unsubscribe, or change list options, > visit: http://lists.midrange.com/mailman/listinfo/bpcs-l > or email: BPCS-L-request@xxxxxxxxxxxx > Before posting, please take a moment to review the archives > at http://archive.midrange.com/bpcs-l. > > > _______________________________________________ > This is the SSA's BPCS ERP System (BPCS-L) mailing list > To post a message email: BPCS-L@xxxxxxxxxxxx > To subscribe, unsubscribe, or change list options, > visit: http://lists.midrange.com/mailman/listinfo/bpcs-l > or email: BPCS-L-request@xxxxxxxxxxxx > Before posting, please take a moment to review the archives > at http://archive.midrange.com/bpcs-l. > _______________________________________________ > This is the SSA's BPCS ERP System (BPCS-L) mailing list > To post a message email: BPCS-L@xxxxxxxxxxxx > To subscribe, unsubscribe, or change list options, > visit: http://lists.midrange.com/mailman/listinfo/bpcs-l > or email: BPCS-L-request@xxxxxxxxxxxx > Before posting, please take a moment to review the archives > at http://archive.midrange.com/bpcs-l. > >
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.