Re: Block Users

There are capabilities within System i Navigator (formerly known as
Operations Navigator) to block certain users from certain parts of it.
Fire it up. Right click on the system and select Application
Administration. For each option there are two columns. One is "Default
Access". This means "do you want the general public to be able to use
this option?". The other is "All object access". Do NOT freak out. This
does not give you all object access to that option. This asks you "do you
want people who have all *ALLOBJ to be able to use this option?". You can
also customize each option.

I have to ask though, why do you want to block it?

There's an old story about a little Dutch boy who saved his village by
sticking his finger into a leaking dike. This prevented the water flow
from expanding it and washing out the dike. Many people try to fix
security by thrusting various body appendages through numerous holes in
the dike.

If the problem is that you've secured your 5250 command line and now
people cannot type in WRKSPLF and navigate to the payroll output queue and
look at that but they figured out how to do so via iNav then you're fixing
the wrong problem. You need to secure the payroll output queue.

There are also things called "exit points". These allow you to wrap
custom programs around each exit point. For example, if you do not like
the capability for iNav's Application Administration to restrict FTP you
can roll your own exit point program. There are a LOT of exit points.
That's why there are vendors who sell products to cover them. There are
new exit points created with each new release of the OS. Therefore if you
decide to purchase an exit point solution do not think you can forego a
maintenance contract.


Rob Berendt