Harisudhan21   495 pts.  |   May 14 2009  11:05AM GMT

Hi Martin, so it like assign each user a specific workstation or because they are logging in using Virtual devices how will be able to assign authority ? as they log off mostly and it frees up the session for some other user.

Am sorry if am wrong because thats how we use for our users here.

Thanks in advance

Batman47   525 pts.  |   May 15 2009  5:35PM GMT

You can restrict users from using virtual devices by specifying your naming convention on your interactive subsystem. For example, we used the command ADDWSE and used the generic PC* for the workstaion name so that only workstation IDs that begin ‘PC’ can allocate the interactive subsystem. This prevents people from using a virtual device (QPADEVxxx) by blanking out the workstation ID in their iSeries Access PC5250 configuration. Make sure you also have a strict policty in place for your other interactive subsystems that are active at the same time. For example, the console falls under QCTL, so we specifically specify the workstation IDs in IT Operations that can use it.

You can also take this a step further by making sure your system value QAUTOCFG is set to 0. You can even have QAUTOVRT set to 0 if you first create the workstation ID on the system before assigning the ID in the iSeries Access PC5250 configuration.

The recommendation for security on the DEVD is a good one, but I would also recommend controlling security changes on the devices by using an authorization list so that you can make security changes while the device is in use.