Restricting access to CRP

Joseph_Sadler

Joseph_Sadler

Well Known Member
Hi everyone.

We would like to restrict our developers to Check In
and Deploy only to the CRP environment.

Does anybody know how to do this ?
Is there a OW manual that explains it ?
Is there a document in th KG ?

Thank you for any help you can give us.

Joseph.
Release 73.3.2 Service Pack 11.3
NT Deployment Server, AS/400 Enterprise Server
 
Having tried a host of ways to create this security, I can tell you it isn't easy or pretty.

The most common test that DOESN'T WORK is to set row security on the pathcode table (F00942). This can restrict access to checking in to other pathcodes, but also restricts a lot of other necessary developer functions.

The only thing I've found that will work is to set database security on the database to disallow developers to write to the prod central objects database. Unfortunately with this the user can still select to check in to production, but a database will pop up letting them know it failed. This can also be a little hairy with oneworld's "master" database security sign-on. If your developers use the same database pass-through user as all the other user (typically this is the case), then you will be securing everyone out of writing to prod pathcode. This would typically create problems if your production users do things with versions, like setting processing options, creating new batch versions and checking them in. They too would be locked out unless they are assigned a separate system sign-on with a different database security setup.

The good news is that the new omw in xe has added security features to help with this. The bad news is that omw can be a pain in the a** to set up and administrate... a lot more complicated than object librarian.

Good Luck



owguru (at least I'm trying :)
>all versions
>all platforms
 
Joseph,
I agree with Owguru. The real solution is upgrading to XE.
There is an other but very expensive solution for B7332.
In the near past, I have downloaded a white paper from the Knowledge Garden with the title "Change Management: Two Distinct Installs with Network Connectivity" which describes this solution how to separate the production and development environments duplicating the HW resources.
Unfortunately, I don't remember the exact place of it on the KG, it could be something "TIPS AND TECHNIQUES" somewhere.
I hope, you can find it also if you are interested in.
Zoltán

B7332 SP11, ESU 4116422, Intel NT4, SQL 7 SP1
(working with B7321, B7331, XE too)
 
Back
Top