Group security report

I have been instructed to come up with a report of what each and every group can access or is limited from accessing. I have looked at this request and do not see any why of bringing this puppy home. Has anyone had similar requests and if so how did you go about resolving the issue. With SOX breathing down our neck, I can tell an auditor whom is in a group, but I cannot tell them what a group can do. Any feedback would be greatly appreciated.

Gary Hanson
Manager IT
Xe Update 6, SP23, AS/400 V5R2,

Gary -

I have experience in audit (internal and external), and have worked with World and OneWorld software. I would be happy to discuss your specific security setup off line. There are several questions that I would need to ask you (e.g. do you use OW group security in concert with row security, application security, action security, etc., are you using Solution Explorer security to limit menu access?) that are likely too voluminous for this forum. Also, do you have 3rd party reporting packages like ShowCase or Crystal reports? I use ShowCase to combine files to produce reports, but you can use the tools within OneWorld to provide the auditors with the information they need.
Send me a PM if you would like.

I have created such a report that works off of the F00950 in conjunction
with the menu tables. It drills through the menus and reports the menu
structure as well as the action security for the programs allowed, as well
as batch security and some other items.

It is possible - but it took a little while to work out the bugs. We
actually use the report to give to our auditors to show what groups can do.
I wanted to give out the report in an ESU, but liability concerns kept my
company from allowing me to distribute it.

If you email me offline, I can send you a copy of the report and what it
looks like and some general pointers on how I created it and maybe that will
give you some guidance on how to create something similar.



-John

Re: RE: Group security report

Is it possible that you could send me the code for the "Group Security" report - you have created.

Thanks.

Re: RE: Group security report

I would also be interested in a copy of this code.

Thank you.

Re: RE: Group security report

John

Can u send me a copy of the Security Report please.

Thanks James

Re: RE: Group security report

We ended up loading some of the security tables into Access and writing queries for critical functions that our financial auditors identified as primary controls. We looked at application and action security and then other security types as a last resort. Hopefully Oracle/PS/JDE will improve the as delivered security reports at some point.

Good luck with the custom reports if you go that route.

Nick