1.  Home
  2. MAPICS-L
  3. June 2003

Re: Authority to Mapics Files from PC programs

ODBC and other methods that require 'managed' object access can be a real 
hassle
if you build it around specific users.  You would have to manually 
add/remove people
and then trying to provide access while people are on the system can be 
difficult.

What I suggest you do is create a couple of *restricted* accounts, each 
dedicated
to a specific file(s) in MAPICS.
for example an account called:          itemacct        to access item 
type objects
                                puracct         to access purchasing files
                                restacct                to access 
restricted data such as empmas, payroll, etc.

These accounts in turn can be used by more than one person using PC based 
programs
accessing files via ODBC.  The advantage is that is not tailored to the 
individual.

Also, if your plan is to change data, think very heavily about having your 
PC programs
pass some token to identify who made the change, since accounts are 
shared!  You
can make use of users fields in MAPICS for this practice.

It is very important that you not assign a menu option for these accounts, 
in other words
if someone were to sign into AS/400 they would have very significant 
restrictions.
Also ensure these accounts don't find their way into MAPICS as user 
accounts,
it could impact your licensing.

Remember that when an program fails, some applications allow a debug mode 
that
shows code including hardcoded passwords - Access for example.

Example of AS/400 account:

Initial program to call  . . . .   *NONE 
  Library  . . . . . . . . . . . 
Initial menu . . . . . . . . . .   MAIN 
  Library  . . . . . . . . . . .     *LIBL 
Limit capabilities . . . . . . .   *YES 
Special authority  . . . . . . .   *NONE
Group profile  . . . . . . . . .   *NONE 
Owner  . . . . . . . . . . . . .   *USRPRF 
Group authority  . . . . . . . .   *NONE 

ODBC considerations - giving access to files.
Typically when no users are logged into MAPICS)

First edit auth on file lib:  (How can you get to file if Library is 
closed?)

 EDTOBJAUT OBJ(QSYS/AMFLIBA) OBJTYPE(*LIB)
change it using F6 & F11 to add ADDACCTNAMEHERE with READ and EXECUTE 
abilities.
NO OTHER!

Then edit the object auth on files in the lib:
EDTOBJAUT OBJ(AMFLIB/POCOMT) OBJTYPE(*FILE)
change it using F6 & F11 to add ADDACCTNAMEHERE with OPR, READ, and 
EXECUTE.
NO OTHER!


I hope this helps, I'm not an authority on security (or anything else!) so 
please exercise
a cautious approach.

Best of luck!

BTW: If you are attempting use ODBC for SQL execution over multiple files, 
I believe
in many cases SQL only uses the default library, regardless of how many 
other libraries
you place in the library list box of the ODBC screen.





"hrishikesh kotwal" <hdkotwal@xxxxxxxxxxx> 
Sent by: mapics-l-bounces+leleux=shur-lok.com@xxxxxxxxxxxx
06/06/2003 07:09 AM
Please respond to
MAPICS ERP System Discussion <mapics-l@xxxxxxxxxxxx>


To
MAPICS-L@xxxxxxxxxxxx
cc

Subject
Authority to Mapics Files from PC programs






   Hi all:

 

   We have started developing many PC programs that access Mapics Files 
via
   ODBC & SQL. The users who use these PC programs are also Mapics Users.
   Therefore, they already have atleast 'Read' access to Popular Mapics
   files. But when the same users are trying to access the files from PC
   programs, they get the following error message:

   *** START ***

   General SQL error.

   [IBM][Client Access Express ODBC Driver [32-bit][DB2/400 SQL]SQL0551 - 
Not
   authorized to object ITEMASA in AMFLIBQ type *FILE.

   ***END***

   How to deal with this problem?

   Thanks in advance.

 

   Regards,
 
   Hrishikesh Kotwal
 

 ----------------------------------------------------------------------

   It's magic. It's a whole new world. It's the Windows XP experience.
_______________________________________________
This is the MAPICS ERP System Discussion (MAPICS-L) mailing list
To post a message email: MAPICS-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/mapics-l
or email: MAPICS-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/mapics-l.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.