• Introducing Dark Mode! Switch by clicking on the lightbulb icon next to Search or by clicking on Default style at the bottom left of the page!

Security for new Archived Data Environment: want to restrict everyone to inquiry only

Good day everyone.

My question: How can we give the business users access to a new Archive Environment, with the same programs and reports that they have in the Production Environment, but prevents them from Adding/Changing/Deleting any data in the new Archive Environment?

Some background:
We will be purging data from our Production data library and saving it to a separate Archive library. The data file names will be the same in both the Production and Archive libraries; records will exist in either one library or the other.
We will also be creating a new Archive Environment with separate user ID's and user groups that will be unique to the Archive Environment and the Archive data library. Users will not use this environment much, but they will access it occasionally and we'd like this Archive Environment to function similarly to the Production Environment.

We use World A7.3 (cume 15?) on an AS400

Thank you.
 

Luke Phillips

Well Known Member
[Hi,

you have 3 possibilities.

1) Rent our ALLOut soxlock product. very easy but will cost a bit of money.
2) Use JDE action code security which will mean only certain screens and batch programs can update.
3) Apply security at iSeries level. This is probably harder than it sounds because JDE will need to write certain types of records to function normally.

Cheers
 

Jim_rubino

Reputable Poster
Hello Chris,

You need to create a new environment library list. In this list you would need two new libraries - your archive library (where the archived data is) and a copy of your security/common library (where the action files, function key files are). When you create this new environment library list you would replace your production security library with the named copy security library, your production common library with the named copy common library and you would put the archived library just before your production data library. Then add this environment to your sign on list. Then this will allow you to go in and set all users security to what you want them to do - i.e. no add, change or delete rights.
Then you add this environment to all users that you want to have access to this new environment.

I hope this helps?
Jim
 
Jim, Alex,

Thanks for your replies. I'd like to carry this a step further if I may.

If the new environment library list is created as per Jim_rubino, doesn't that allow the users the ability to access Production data while logged into the Archive Environment?

If yes, I envision creating new User ID's, new class/group profiles, and new menus, all specific to the new Archive Environment.
Each application will need to be listed in Action Code Security with No Add, No Change and No Delete for every ID and class/group. Fast Path and Command Line will both be removed from all users and class/groups.
But this is not perfect because DreamWriters can update data.
So each table will also need to be added to IBM table security to prevent any modifications to any tables.

Is this the way to prevent any modification of data while logged into the new Archive Environment?

Thanks.
 
Top