Jack_Crouch
Well Known Member
There have been numerous and lengthy approaches (posted on the list) on how
one can go about security the F0101 "E" employee records.
What it really comes down to is needing row and column security at the same
time. For group ABC, allow the TAX column for "E" rows in F0101. OW
does not allow for this (to my knowledge).
The TAX field is important on F0101 - it holds SSN. If it is blanked out
(we tried this), then you would think that SSN in F060116 would be OK. We
have experienced situations where this configuration will mistakenly blank
out the SSN on the Employee Master file. Not a good thing.
The TAX field is important for other than "E" records and the world needs to
see this (Customer geo codes).
Anyway... I am convinced that the best approach is to modify P01012 and
other applications to hide the SSN under certain conditions. I was
thinking of creating a bogus application that I could use in F00950 security
file. My mod would look to records existing in here for this special app
to determine the behavior of the SSN hiding. This way, security for this
can be controlled from the Security Workbench (like most other security).
I am interested if anyone might have a better approach or caveats against
using the F00950 in such a manner.
AS400 V4R4, B733.2, SP11.3, NT-SQL7 for CO
one can go about security the F0101 "E" employee records.
What it really comes down to is needing row and column security at the same
time. For group ABC, allow the TAX column for "E" rows in F0101. OW
does not allow for this (to my knowledge).
The TAX field is important on F0101 - it holds SSN. If it is blanked out
(we tried this), then you would think that SSN in F060116 would be OK. We
have experienced situations where this configuration will mistakenly blank
out the SSN on the Employee Master file. Not a good thing.
The TAX field is important for other than "E" records and the world needs to
see this (Customer geo codes).
Anyway... I am convinced that the best approach is to modify P01012 and
other applications to hide the SSN under certain conditions. I was
thinking of creating a bogus application that I could use in F00950 security
file. My mod would look to records existing in here for this special app
to determine the behavior of the SSN hiding. This way, security for this
can be controlled from the Security Workbench (like most other security).
I am interested if anyone might have a better approach or caveats against
using the F00950 in such a manner.
AS400 V4R4, B733.2, SP11.3, NT-SQL7 for CO