Re: Reg : printer Session Restriction. -- BPCS-L

1. I think this is more a question for MIDRANGE-L or the SECURITY400discussion group than BPCS-L.

2. One approach might be to setup a naming convention for printers so it ispretty obvious what department they are in, and to designate the spoolfiles and printers as being owned by secondary security groups, that arealso named so it is pretty obvious what is the group of accounting,production, purchasing, customer service, and so forth.

You will probably need to have an ISO procedure to manage the movement ofdevices across departments.

For example, suppose user-X with laptop shows up in dept-Y and plugs intothe network there ... should user-X have access to dept-Y printers, becauseof convenient location, or be banned from access on basis of somethingother than standard naming conventions, which most any user can easilychange at the workstation level.

Or suppose the printer in shipping breaks down, and needs to be repaired,so while waiting on that, the shipping dept has an urgent need to useanother printer, and perhaps one being used by the factory reprint shoporders is best suited for this purpose, but no one in the shipping dept hasauthority to access that printer, so you have to have a procedure toimplement substitution pretty darn fast, because the company not want to bedoing hand written shipping documents.

Everyone in accounting dept is put into the accounting security group,which owns all the places that accounting reports are going to end up, andsimilarly for other departments. Existing reports would be going to spoolfiles that the people in the depts have access to, then they can move theirreports from their spool to the dept shared spool.

Depending on the structure of your company, you may have people who workseveral job functions ... engineering and production maintenace ...customer service and planning ... sales analysis and planning ... customerservice and forecasting, etc. so some people will need to be in multiplesecurity groups.

You need to figure out what you going to do about managers, who might havelegitimate access to ALL dept reports. I believe there is a ceiling on howmany groups a person can be in, and they can also do a performance hit.

These should be new names that no BPCS reports are currently going to,since you not want to bomb existing software, by in essence saying thatanyone who runs this or that software, if they have not yet been setup inthe relevant group, will cause that software to bomb because it is tryingto output itself to a place the person running it does not have authority to.

Ultimately you may want to modify workstation control rules by user, so alltheir stuff is going to the OUTQ corresponding to the dept where they domost of their work, and you might want to change BPCS security so orxdinaryusers cannot change their workstation defaults in BPCS. Otherwise somecurious person might change their defaults to printer in some dept whosedata you consider to be rather confidential.

Several vendors that subscribe to BPCS-L have enhancements to BPCS securitymanagement ... you might ask if any of them have enhancements that arespecific to report management. It may be that there is a plug in to dowhat you want. There's one enhancement that controls at the customerlevel, because if you have customer-A accessing your system to see where weare on work we doing for them, we might not want them to see what we aredoing for customer-B. Well one of the security enhancements solves thatgranularity.

Hello Everybody,

I need a help. We are wroking Os V5R3 on I series have Client Access and
application BPCS Ver. 8.2   .

We are trying to restrict the Printer Session to different Users. (Like
Accounts Dept Users should not access Purchase Dept Printer Session) Vice
Versa.
Can anyone help me out on how to limit the Printer session to Different
Departments.

Thanks a lot in advance.

Regards,
Vishu

<snip> confidentiality notice inapplicable to an Internet discussion group.