Sunday, June 12, 2016

IRIS User Privelages

This page is a part of the "Understanding IRIS" collection.  Many thanks to David Takle, for figuring this out, and sharing this with us:


Whoever designed this application created multiple accounts like ACCOUNTING, APGL (presumably accounts payable and general ledger), and so on.

The problem is they gave them all privilege level 2 on their account status. Which means they can create files that the MANAGER account cannot get access to. They won't even show up on a LIBR listing!
This should never have been the case.
Since no one is allowed to log on to the SYSTEM account (it is reserved for critical files like INDEX, DMAP, REX),
the MANAGER must be the person who maintains the operating system. No one should be able to lock out the manager from examining a file.

Which means the proper IRIS priv system is as follows:

3 = System
2 = Manager
1 = high level user
0 = low level user

Consequently, I will be dropping all user accounts from Priv 2 to Priv 1 and updating all files that were created with priv 2 by those users to reflect the new protection.
That way I can have access to them.


This page is a part of the "Understanding IRIS" collection.  

No comments:

Post a Comment