Rob,

We already have Exit points and command line restrictions in place but still
we want to remove some options from client access.

The method u mentioned in here to remove options in iNav, do I have to do it
all the computers ot is it a onetime setting from one location.

Chamara



On Thu, May 12, 2011 at 5:12 PM, <rob@xxxxxxxxx> wrote:

There are capabilities within System i Navigator (formerly known as
Operations Navigator) to block certain users from certain parts of it.
Fire it up. Right click on the system and select Application
Administration. For each option there are two columns. One is "Default
Access". This means "do you want the general public to be able to use
this option?". The other is "All object access". Do NOT freak out. This
does not give you all object access to that option. This asks you "do you
want people who have all *ALLOBJ to be able to use this option?". You can
also customize each option.

I have to ask though, why do you want to block it?

There's an old story about a little Dutch boy who saved his village by
sticking his finger into a leaking dike. This prevented the water flow
from expanding it and washing out the dike. Many people try to fix
security by thrusting various body appendages through numerous holes in
the dike.

If the problem is that you've secured your 5250 command line and now
people cannot type in WRKSPLF and navigate to the payroll output queue and
look at that but they figured out how to do so via iNav then you're fixing
the wrong problem. You need to secure the payroll output queue.

There are also things called "exit points". These allow you to wrap
custom programs around each exit point. For example, if you do not like
the capability for iNav's Application Administration to restrict FTP you
can roll your own exit point program. There are a LOT of exit points.
That's why there are vendors who sell products to cover them. There are
new exit points created with each new release of the OS. Therefore if you
decide to purchase an exit point solution do not think you can forego a
maintenance contract.


Rob Berendt
--
Group Dekko
Dept 1600
Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com





From: Chamara Withanachchi <chamaraw@xxxxxxxxxx>
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
Date: 05/12/2011 03:06 AM
Subject: Block Users
Sent by: midrange-l-bounces@xxxxxxxxxxxx



Hi,

I wan to block/restrict users being using Operations Navigator feature is
there a setting or procedure to do this?

--
Regards,

Chamara Withanachchi
IBM Certified Power System Expert
RPG Programmer
(owner of www.rpgiv.info)

WWW.RPGIV.INFO
Mob: +94 77 1678646
chamaraw@xxxxxxxxxx

i want to be future ready. i want control. i want an i.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.





This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].