Restrict user to Specify Workstation ID

110 pts.
Tags:
iSeries Access for Windows
iSeries administration
iSeries security
Security
Systems administration
User restrictions
Here is the situatiion: We have told users to use only their workstation id range only but some users are not follow instructions and in that case they are using other user workstation id range. Although, system value QLMTDEVSSN is already set as '1' (Limit). By setting up system value we can only restrict users to signon session limit not the same workstation id. So, Looking for solution to restrict user to use specific workstation id defined in iseries access for windows: communication --> Configure --> Specify Workstation Id. I will appreciate in advance for your advise and solution.

Answer Wiki

Thanks. We'll let you know when a new response is added.

Hi,

You can also restrict use of the device on the AS/400. Use WRKOBJ to work with the device description (*DEVD) and change the authority to *PUBLIC = *EXCLUDE and the specific user to *USE. The user will then not be able to sign-on using that device.

Regards,

Martin Gilbert.

Discuss This Question: 2  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • harisudhan21
    Hi Martin, so it like assign each user a specific workstation or because they are logging in using Virtual devices how will be able to assign authority ? as they log off mostly and it frees up the session for some other user. Am sorry if am wrong because thats how we use for our users here. Thanks in advance
    1,005 pointsBadges:
    report
  • Batman47
    You can restrict users from using virtual devices by specifying your naming convention on your interactive subsystem. For example, we used the command ADDWSE and used the generic PC* for the workstaion name so that only workstation IDs that begin 'PC' can allocate the interactive subsystem. This prevents people from using a virtual device (QPADEVxxx) by blanking out the workstation ID in their iSeries Access PC5250 configuration. Make sure you also have a strict policty in place for your other interactive subsystems that are active at the same time. For example, the console falls under QCTL, so we specifically specify the workstation IDs in IT Operations that can use it. You can also take this a step further by making sure your system value QAUTOCFG is set to 0. You can even have QAUTOVRT set to 0 if you first create the workstation ID on the system before assigning the ID in the iSeries Access PC5250 configuration. The recommendation for security on the DEVD is a good one, but I would also recommend controlling security changes on the devices by using an authorization list so that you can make security changes while the device is in use.
    1,050 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following