• Introducing Dark Mode! Switch by clicking on the lightbulb icon next to Search or by clicking on Default style at the bottom left of the page!

Restrict UBEVERS security

johndanter

Legendary Poster
Hi guys,

Is it possible to restrict access to a specific version of a UBE so that only one USERID can run said report version?

What I'm actually trying to achieve is to prevent users from running scheduled versions of a UBE.

Users are sometimes using a SCHED VERS to run over a specific DOCO or SHPN and then this causes problems.
As when users do this, if they change the runtime DS, this then 'sticks' on all future scheduled runs of the UBEVERS

I've been looking at P00950 (F00950) but it doesn't appear to have VERS

Are there other ways I could achieve this goal?

Has anyone successfully used the security 0-3 option. Is 3 too restrictive? Are there problems if I set such versions to 3?

Could I change or prevent access to the prompting screens maybe? That would prevent changing the DS??
Is this enough to prevent them changing the defined specs DS etc??



Thanks

John
 
Last edited:

David Robertson

Reputable Poster
1. Make the scheduler user own it's own versions, and set them to security 1, 2 or 3. 1 I think is copy or run but not change, 2 is copy only, and 3 is locked out. 1 or 2 is usually enough, 3 can be a pain.
2. Set up processing option (5) and application (3) security for the version in P00950. The columns in F00950 are FSFRDV (From value) and FSTHDV (Thru value)
 
Last edited:

johndanter

Legendary Poster
Hi Dave,

Yeah the scheduler does have it's own versions and that's problem. Instead of people configuring a manual one, they know ah well this works I'll just run it myself.
Which is bad practice.

I did suggest what you proposed (1,2,3) as I initially thought P00950 didn't have VERS. But it does. It's actually the FRDV (from value field)

Security option 3 is way too restrictive, agreed
 

peterbruce

Legendary Poster
John, Dave,

We actually use version security level 3. For the versions run on the scheduler etc. We do not want anyone changing or running it. We have ad hoc version(s) created for users to run.
 

johndanter

Legendary Poster
That's cool Peter.

Makes sense if you can log on as the E1 PROD scheduler I guess.

I'll see if this is an option but I think we restrict users from knowing such USER ID passwords, only CNC know them. But yeah, that would work
 

BPConnor

Active Member
I would use version security to restrict access to the specific versions used for the scheduler. I would set it to *PUBLIC run N for the version and then grant it back at the scheduler role level.
 

peterbruce

Legendary Poster
John,

Just to clarify, we do have a production scheduler user ID and access to it is limited to two people. The versions that are used by the scheduler are restricted to the scheduler user ID with level 3 version security. The other versions do not have any version security applied to them.
 
Top