nervull
Active Member
Does anyone have a good model on setting up OMW transfer rules? I am interested on how you setup security (not how to transfer objects) for developers.
Thanks
Thanks
antoine_mpo
Reputable Poster
Hi,
It depends on what you want to do.
For example we uses 2 pathcodes DV7333 and PY7333 (but more environments, using thoses pathcodes : DV, PY, IN,..).
OMW status are 21 for DV7333, and 28 for PY7333.
Default status for new project is 21, and default role is '02' developer.
I defined that the developer role could do everything with 21 projects, except release token (because i want to know if several developments impact the same object, to avoid problem while deploying to prodution).
But someone can change his role on a project, but it's really easy to protect this using Application security in P00950. You just need to block OK button of W98220D form.
Is that those kind of things you want to do ?
It depends on what you want to do.
For example we uses 2 pathcodes DV7333 and PY7333 (but more environments, using thoses pathcodes : DV, PY, IN,..).
OMW status are 21 for DV7333, and 28 for PY7333.
Default status for new project is 21, and default role is '02' developer.
I defined that the developer role could do everything with 21 projects, except release token (because i want to know if several developments impact the same object, to avoid problem while deploying to prodution).
But someone can change his role on a project, but it's really easy to protect this using Application security in P00950. You just need to block OK button of W98220D form.
Is that those kind of things you want to do ?
GSI Inc.
Well Known Member
Do you developers have access to the F00950
We had a similar issue where we needed to block developer's from changing their role and we did this with row security over the F0005 so the DEVGROUP could not even see the values "Manager", "PVC Administrator" works great but...
Developer's in our environment need to be able to have full access to the F00950. Right now they don't because they could go into the table and remove the records for security to stop them from changing their role to something else. This is a big deal with us right now. Our CNC team is not knowledgeable enough to maintain the F00950 file. If a new group is needed with all new security they can't do it. So we have to temporarilty change the group of the developer to SECGROUP. This is a pain becuase their may be no one arround to even do this security change to allow developers to change the F00950.
Any thoughts?
We had a similar issue where we needed to block developer's from changing their role and we did this with row security over the F0005 so the DEVGROUP could not even see the values "Manager", "PVC Administrator" works great but...
Developer's in our environment need to be able to have full access to the F00950. Right now they don't because they could go into the table and remove the records for security to stop them from changing their role to something else. This is a big deal with us right now. Our CNC team is not knowledgeable enough to maintain the F00950 file. If a new group is needed with all new security they can't do it. So we have to temporarilty change the group of the developer to SECGROUP. This is a pain becuase their may be no one arround to even do this security change to allow developers to change the F00950.
Any thoughts?
brother_of_karamazov
Legendary Poster
Leave the transfer activity rules alone. You really don't want the extra hassle of administrating custom transfer activity rules.
Apply the following security-
Application Security:
Restrict Access to P98230 (OMW Configuration) to *PUBLIC
Grant Access to P98230 to CNCADMIN
Row Security (W/ inclusive row security):
<font class="small">Code:</font><hr /><pre>
User Table Data Item From To Add Chng Delete View
*PUBLIC F98221 OMW Project Users 01 01 Y Y Y Y
CNCADMIN F98221 OMW Project Users 01 99 Y Y Y Y
DEVELOPERS F98221 OMW Project Users 01 02 Y Y Y Y
QA F98221 OMW Project Users 01 02 Y Y Y Y
QA F98221 OMW Project Users 04 04 Y Y Y Y
</pre><hr />
If you are not using the inclusive row security method let me know and I'll post the records for exclusive method.
[ QUOTE ]
Does anyone have a good model on setting up OMW transfer rules? I am interested on how you setup security (not how to transfer objects) for developers.
Thanks
[/ QUOTE ]
Apply the following security-
Application Security:
Restrict Access to P98230 (OMW Configuration) to *PUBLIC
Grant Access to P98230 to CNCADMIN
Row Security (W/ inclusive row security):
<font class="small">Code:</font><hr /><pre>
User Table Data Item From To Add Chng Delete View
*PUBLIC F98221 OMW Project Users 01 01 Y Y Y Y
CNCADMIN F98221 OMW Project Users 01 99 Y Y Y Y
DEVELOPERS F98221 OMW Project Users 01 02 Y Y Y Y
QA F98221 OMW Project Users 01 02 Y Y Y Y
QA F98221 OMW Project Users 04 04 Y Y Y Y
</pre><hr />
If you are not using the inclusive row security method let me know and I'll post the records for exclusive method.
[ QUOTE ]
Does anyone have a good model on setting up OMW transfer rules? I am interested on how you setup security (not how to transfer objects) for developers.
Thanks
[/ QUOTE ]
SULLY1
VIP Member
Re: Do you developers have access to the F00950
Our auditor's would go nuts if the developers had full access to F00950. I call this kind of access "keys to the kingdom". Too bad you don't have a good CNC person. Sounds like ONE of the developers should be in charge of this function until they can get the current CNC person trained.
Patty
Our auditor's would go nuts if the developers had full access to F00950. I call this kind of access "keys to the kingdom". Too bad you don't have a good CNC person. Sounds like ONE of the developers should be in charge of this function until they can get the current CNC person trained.
Patty
nervull
Active Member
I am looking for what you allow the developers to do in each pathcode (status). I want to secure out checkout in certain statuses (i.e. 26 - PY and 38 - PD), but it seems like GET and Checkout are considered to be the same action. I don't care if developers GET an object to their local clients.
Thanks
Thanks
nervull
Active Member
Yes, as luck would have it, we are using exclusive (I didn't set it up). The problem is we have added 2 more pathcodes...don't ask. So I have jacked with some of the transfer activity rules. I also need to know what developers should be allowed to do in PY and PD etc...
Thanks
Thanks
