Compared to other ERP, BPCS is not structured to make it easy to figure out who updated what ... BPCS is embezzler-friendly, under a theory of security by obscurity, so people who can figure out the loopholes have a great advantage over people who learn only the BPCS how it works standards.

I know of many of those holes, and embezzlement-friendly features, would never spell them out in a public forum like this, only in briefings to my own management and our auditors. Unfortunately I am always kept too busy with day to day needs to take advantage of optimal strategic protections from the risks.

Depending on version of BPCS, there are all kinds of histories & cross-indexing where data in various files can be tracked back to what records in other files have more information about the activity.

The quality of this is much like IBM Security Auditing, which is easy to turn on, but you have to have like a Masters Degree in Security from a thousand hours of IBM classes to figure out what the security log is telling you, or buy some 3rd party package to interpret the logs for you.

For example, there is inventory history which includes name of user signed on at what work station who entered the transactions, a system which is only as good as internal company policies with regards to different people having their own sign-ons, which can be constrained by the # of users license for BPCS.

The General Ledger and other applications have a ton of reference fields which generally do not appear in any standard BPCS reports & inquiries, which can be used for forensic back tracing analysis, capabilities not detailed in any documentation delivered to BPCS customers. General Ledger has business rules which permit different levels of detail tracking different kinds of transactions. So those transactions where there's little management interest in GL back tracking, or we have alternative ways to track, let's not clog up the disk space with detail logging, while in other areas where we have doubts about the veracity of BPCS integrity, let's get all the auditable detail we can.

There are also add-ons from 3rd parties that make deciphering the evidence something that can be done by non-technical management and accounting auditors without any hassles. What you are describing is an add-on from UPI where management identifies activities they want to track, like changes to costs, pricing, engineering, supply chain business rules, whatever, which determines what gets logged into disk space, in which it does not matter if the update is done by BPCS software, some IBM utility like DFU, open source for 400, an authorized user, a hacker ... it tracks who did what when how for later review.

A later version of the software, not yet released, promises to have business rules to block certain kinds of unauthorized activity, instead of the current version where it logs the embezzlement, sabotage, human error etc. for someone later to see when they review the log.

Al Macintyre
20 year veteran of messing with BPCS
40 year veteran of working on IBM midrange

Does BPCS have an Event log?

By this I mean something in the form of:

Id activity name timestamp user id

for each batch and user transactions.

The Id would be a unique identifier used to trace an instance of an process from beginning to end
The activity name may be a program name (with different phases - start cancel end etc).


Any help would be appreciated.



As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2022 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.