


Dave,

I'm with you on this one.  So please, rant away!

It is still amazing to me how many MAPICS sites do not understand the MAPICS 
security methodology.  This is not meant to offend anyone, but if you don't 
know this you're just asking for trouble.

It's like the CEO who asked me to evaluate his security system now that they 
were on the Internet.  They had purchased MAPICS about 2 years prior and were 
just now linking the AS/400 data to web inquiries.  

I walked up to a PC and logged into the AS/400 with QSECOFR and the default 
password!!

(Note: This was about 3 years ago before IBM forced a change to the password.)

I turned to the CEO and said "I will 100% guarantee that your company's systems 
WILL be hacked."  He looked shocked.  I told him that it was obvious that their 
IT department did not have even rudimentary security policies in place.

These shops that don't understand the basics are the same shops that allow 
programmers to program with QSECOFR authority.  Amazing!

Anyway,  for those of you attempting to clear SARB-OX audits please be aware 
that this type of neglect will get a failing grade from any of the reputable 
audit firms.

Greg, you are absolutely correct in your understanding of the "short cuts" taken 
by the lazy, the ignorant, and the downright dishonest consultants that should 
know better.

I put this one right up there with disabling "Level Check".

RANT AWAY DAVE!

Kevin Fox
kdfox@xxxxxxxxxxxxx

Greg,

It is/may be difficult to change all your users from having AMAPICS as a
group if programs that were created that use MAPICS files were not
created correctly.

The programs should be owned by AMAPICS and the User Profiles should say
*OWNER. Also, they should say USE ADOPTED AUTHORITY *YES.

This was a shortcut for people who didn't know how MAPICS security
worked and was a quick way of giving access to users to files for
Query. With all the other ways that users can access the data now, this
is a HUGE security hole.

I have found that many MAPICS customers have AMAPICS as the group
profile on their users.

To make this work, you need to first verify that all your programs that
are accessing MAPICS files are compiled properly. You can use the
CHGOBJOWN or CHGOWN (depending upon which release of the OS you are on).
You can also do a CHGPGM to change the USRPRF parameter to *OWNER and
the USEADOPT parameter to *YES.

Once you do that, you can try a few users to see if you didn't miss
anything. 


Michael Franchino
Custom Systems Corporation
334 Sparta Ave
Sparta, NJ  07871
 
973-726-0202 X214
973-726-4552 Fax
http://eax.cussys.com
 

-----Original Message-----
From: mapics-l-bounces@xxxxxxxxxxxx
[mailto:mapics-l-bounces@xxxxxxxxxxxx] On Behalf Of Greg Wenzloff
Sent: Wednesday, December 29, 2004 1:03 PM
To: 'MAPICS ERP System Discussion'
Subject: RE: MAPICS - need info on the AMAPICS user profile

Dave,

Your reply confuses me somewhat.  I thought this was the way MAPICS came
to everyone <with the AMAPICS uses as a group profile>.  You imply that
the people who set up our system took a short cut.   Are you saying I can
undo the situation?   If so - please explain with some details.

Thanks,
Greg

-----Original Message-----
From: Dave Shaw [mailto:daveshaw@xxxxxxxxxxxxx]
Sent: Wednesday, December 29, 2004 11:25 AM
To: MAPICS ERP System Discussion
Subject: Re: MAPICS - need info on the AMAPICS user profile

Greg,

There is NO good reason for AMAPICS to be a group profile for ANY user!
I've heard of it being set up this way several times, and each time I
just shake my head.  MAPICS programs use adopted authority to access the
files, and any custom programs or queries that you have should use some
similar mechanism, NOT a group profile scheme using AMAPICS!

Pardon my rant, but I was using MAPICS for years before IBM added the
group profile capability, and I find this particular shortcut terribly
dangerous.

Dave Shaw

----- Original Message -----
From: "Greg Wenzloff" <GWenzloff@xxxxxxxxxxx>
To: <mapics-l@xxxxxxxxxxxx>
Sent: Wednesday, December 29, 2004 10:42 AM
Subject: MAPICS - need info on the AMAPICS user profile


> Hello List,
>
> I've been using MAPICS for 14 years but never paid much attention to the
> AMAPICS user profile.  Could members of this list tell me how you handle
> this user profile which on my system has 5 of the 8 special authorities
> active.
>
> Our regular users have AMAPICS as a group profile which if I'm correct
> adopts these special authorities.  This is not desirable with
> Sarbanes-Oxley scrutiny in progress.
>
> Can a regular user operate successfully in MAPICS without that group
> profile?
>
> Can the special authorities be trimmed way back without causing problems?
>
> Any info would help.  Thanks in advance.
>
> Greg Wenzloff
> Beck Manufacturing
>
> XAR4
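
The sequence Michael Franchino outlines in his reply (fix program ownership and adoption first, then pilot a few users without the group profile), written out as OS/400 CL. This is an added example, not part of the original thread or of MAPICS; CUSTLIB, CUSTPGM and TESTUSER are hypothetical names, and USEADPAUT is the keyword CHGPGM uses for the "use adopted authority" setting.

```cl
/* Added example. CUSTLIB, CUSTPGM and TESTUSER are hypothetical names. */

/* 1. Inventory before changing anything.                               */
/*    Which user profiles currently have AMAPICS as a group profile?    */
DSPUSRPRF  USRPRF(AMAPICS) TYPE(*GRPMBR) OUTPUT(*PRINT)
/*    Which programs already adopt AMAPICS authority?                   */
DSPPGMADP  USRPRF(AMAPICS) OUTPUT(*PRINT)

/* 2. For each custom program that opens MAPICS files and is missing    */
/*    from the DSPPGMADP listing: make AMAPICS the owner and have the   */
/*    program run under the owner's authority.                          */
CHGOBJOWN  OBJ(CUSTLIB/CUSTPGM) OBJTYPE(*PGM) NEWOWN(AMAPICS)
CHGPGM     PGM(CUSTLIB/CUSTPGM) USRPRF(*OWNER) USEADPAUT(*YES)

/*    Confirm the result: the DSPPGM panel should show the owner as     */
/*    AMAPICS, user profile *OWNER and use adopted authority *YES.      */
DSPPGM     PGM(CUSTLIB/CUSTPGM)

/* 3. Pilot: remove the group profile from one test user. With no       */
/*    group profile, OWNER, GRPAUT and SUPGRPPRF must not refer to one. */
CHGUSRPRF  USRPRF(TESTUSER) GRPPRF(*NONE) OWNER(*USRPRF) +
             GRPAUT(*NONE) SUPGRPPRF(*NONE)

/* 4. Have the test user run their normal MAPICS menus, custom          */
/*    programs and queries. An authority failure points to a program    */
/*    missed in step 2; fix that program, not the user.                 */

/* 5. Fallback while a missed program is being corrected.               */
CHGUSRPRF  USRPRF(TESTUSER) GRPPRF(AMAPICS)
```

A program that adopts AMAPICS also runs with that profile's special authorities, so the DSPPGMADP listing from step 1 doubles as the list of programs to review for command lines or other ways out of the application.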


This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
