|
I am aware of several issues you might want to consider. Is there any risk that a person who believes themselves to be in a particular environment is in fact keying merrily away in the wrong environment doing stuff that is inappropriate to be doing there? I find that this is a risk that varies with the individual ... there are some people that this never happens with ... some that it happens occasionally, the user catches themselves, swears a bit, then tries to figure out how to fix the damage, and some users are totally oblivious to the fact that they have occasionally done this. Might you have individuals whose security clearance rules are not going to be the same for all applications in all environments? This might add to the complexity of managing security. When someone goes on vacation or gets sick & for purposes of expediency tells someone else what their password is ... does that open entirely too much? We found it expedient to assign a letter code to each of our environments. When we sign onto the live environment we use our regular sign on like AL BILL CHARLEY GURU JERRY KURT MIKE NANCY PRODIGY WIZARD etc. When we sign onto the "A" environment, we sign on with the letter "A" added to the end of our name. ALA BILLA CHARLEYA GURUA JERRYA KURTA MIKEA PRODIGYA WIZARDA When we sign onto the "E" environment, we sign on with the letter "E" appended to the end of our name. ALE BILLE GURUE JERRYE KURTE MIKEE PRODIGYE WIZARDE You get the picture ... easy to remember where we are & to keep the environments separated. We do ask people to select sign on names that are 7 characters or less because we have some applications that take user name & combine that with 2 other characters to get some work area names. There is another issue with respect to performance. Does security have to check out all those groups to find out if someone has security clearance access to some task? Does that have any drag on speed of access compared to person with much less group profiles? When someone creates an object ... does it go into their default library? Should the default library be different depending on which environment they supposed to be working in? > From: keg@exchange.gasco.com (Graap, Ken) > > We are working on reviewing our AS/400's current security model > implementation. > > We have one system that supports both development and production > environments. > > Some user profiles are members in as many as 8-10 different group profiles. > > The question has come up... What if any, risk is associated with using > Supplemental Group Profiles in order to give a single user profile access to > multiple environments? Would it be better to have multiple user profiles, > one designed to access each different environment? > > An environment in this case would be defined a PRODUCTION, DEVELOPMENT, > STAGING, TRAINING etc. > > Kenneth E. Graap Al Macintyre ©¿© http://www.cen-elec.com MIS Manager Programmer & Computer Janitor +--- | This is the Midrange System Mailing List! | To submit a new message, send your mail to MIDRANGE-L@midrange.com. | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com. | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com. | Questions should be directed to the list owner/operator: david@midrange.com +---
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
