× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. July 2018

RE: ACS central location deployment for all users - securing ACS options

I'll assume you are using a centralized properties file. Set that up to
exclude the options you do not want showing. For yourself, have a local
properties file. Examples in the file are excellent.

Then there is application administration that can be used as well.


--
Jim Oberholtzer
Agile Technology Architects


-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of
Steinmetz, Paul
Sent: Wednesday, July 18, 2018 2:27 PM
To: 'Midrange Systems Technical Discussion' <midrange-l@xxxxxxxxxxxx>
Subject: ACS central location deployment for all users - securing ACS
options

I'm testing ACS central location deployment for all users.

AcsConfig.properties was changed/updated to install to Users\public.
com.ibm.iaccess.AcsBaseDirectory=C:\Users\Public\Documents\ACS

Install was done initially with install_acs_64_allusers.js /AdminConfig.
All options were answered with 'Y', full access.

I created a single .hod session, which will be stored on the local PC.
Generate option, use computer name, Truncate ending, Avoid duplicate names
on this workstation.
SSL and EIM enabled.

Then created a public desktop shortcut to this .hod saved session.

All working fine for any user, multiple sessions.
The nice thing here is only one session had to be created for all users/all
PCs.
This will be included in the PC image when rolled out.

The issue I have now is I need to secure the ACS options for the normal
user.

They should NOT have:

Data Transfer
IFS
Navigator for i
Manage DB2
SQL scripts.

When using ACS central location, a big negative is the capability of
picking/choosing which options to give a user.
I could create a 2nd ACS central location deployment, with all options set
to "N".
Possibly will do this.

But some users may only need one or two options.
Or, do I only use central location for base ACS, no options, and use local
location for any user with ACS+ options.

How are others managing the ACS options when central location deployment is
used?

Thank You
_____
Paul Steinmetz
IBM i Systems Administrator

Pencor Services, Inc.
462 Delaware Ave
Palmerton Pa 18071

610-826-9117 work
610-826-9188 fax
610-349-0913 cell
610-377-6012 home

psteinmetz@xxxxxxxxxx
http://www.pencor.com/





As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.