1. I think this is more a question for MIDRANGE-L or the SECURITY400 discussion group than BPCS-L.
2. One approach might be to setup a naming convention for printers so it is 
pretty obvious what department they are in, and to designate the spool 
files and printers as being owned by secondary security groups, that are 
also named so it is pretty obvious what is the group of accounting, 
production, purchasing, customer service, and so forth.
You will probably need to have an ISO procedure to manage the movement of 
devices across departments.
For example, suppose user-X with laptop shows up in dept-Y and plugs into 
the network there ... should user-X have access to dept-Y printers, because 
of convenient location, or be banned from access on basis of something 
other than standard naming conventions, which most any user can easily 
change at the workstation level.
Or suppose the printer in shipping breaks down, and needs to be repaired, 
so while waiting on that, the shipping dept has an urgent need to use 
another printer, and perhaps one being used by the factory reprint shop 
orders is best suited for this purpose, but no one in the shipping dept has 
authority to access that printer, so you have to have a procedure to 
implement substitution pretty darn fast, because the company not want to be 
doing hand written shipping documents.
Everyone in accounting dept is put into the accounting security group, 
which owns all the places that accounting reports are going to end up, and 
similarly for other departments.  Existing reports would be going to spool 
files that the people in the depts have access to, then they can move their 
reports from their spool to the dept shared spool.
Depending on the structure of your company, you may have people who work 
several job functions ... engineering and production maintenace ... 
customer service and planning ... sales analysis and planning ... customer 
service and forecasting, etc. so some people will need to be in multiple 
security groups.
You need to figure out what you going to do about managers, who might have 
legitimate access to ALL dept reports.  I believe there is a ceiling on how 
many groups a person can be in, and they can also do a performance hit.
These should be new names that no BPCS reports are currently going to, 
since you not want to bomb existing software, by in essence saying that 
anyone who runs this or that software, if they have not yet been setup in 
the relevant group, will cause that software to bomb because it is trying 
to output itself to a place the person running it does not have authority to.
Ultimately you may want to modify workstation control rules by user, so all 
their stuff is going to the OUTQ corresponding to the dept where they do 
most of their work, and you might want to change BPCS security so orxdinary 
users cannot change their workstation defaults in BPCS.  Otherwise some 
curious person might change their defaults to printer in some dept whose 
data you consider to be rather confidential.
Several vendors that subscribe to BPCS-L have enhancements to BPCS security 
management ... you might ask if any of them have enhancements that are 
specific to report management.  It may be that there is a plug in to do 
what you want.  There's one enhancement that controls at the customer 
level, because if you have customer-A accessing your system to see where we 
are on work we doing for them, we might not want them to see what we are 
doing for customer-B.  Well one of the security enhancements solves that 
granularity.
Hello Everybody,

I need a help. We are wroking Os V5R3 on I series have Client Access and
application BPCS Ver. 8.2   .

We are trying to restrict the Printer Session to different Users. (Like
Accounts Dept Users should not access Purchase Dept Printer Session) Vice
Versa.
Can anyone help me out on how to limit the Printer session to Different
Departments.

Thanks a lot in advance.

Regards,
Vishu
<snip> confidentiality notice inapplicable to an Internet discussion group. 






As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact copyright@midrange.com.

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.