Register

Forgot Password

Site FAQ

Home > IT Answers > AS/400 > Restrict user to Specify Workstation ID

abiha6325

110 pts.

Restrict user to Specify Workstation ID

iSeries Access for Windows, iSeries administration, iSeries security, QLMTDEVSSN, System administration, System Security, User restrictions

Here is the situatiion: We have told users to use only their workstation id range only but some users are not follow instructions and in that case they are using other user workstation id range. Although, system value QLMTDEVSSN is already set as '1' (Limit). By setting up system value we can only restrict users to signon session limit not the same workstation id. So, Looking for solution to restrict user to use specific workstation id defined in iseries access for windows: communication --> Configure --> Specify Workstation Id. I will appreciate in advance for your advise and solution.

Software/Hardware used:

ASKED: May 13, 2009 11:42 AM

UPDATED: May 15, 2009 5:35 PM

RELATED QUESTIONS

Answer Wiki:

Hi, You can also restrict use of the device on the AS/400. Use WRKOBJ to work with the device description (*DEVD) and change the authority to *PUBLIC = *EXCLUDE and the specific user to *USE. The user will then not be able to sign-on using that device. Regards, Martin Gilbert.

Last Wiki Answer Submitted: May 13, 2009 12:09 pm by Gilly400

23,625 pts.

All Answer Wiki Contributors: Gilly400

23,625 pts.

To see all answers submitted to the Answer Wiki: View Answer History.

RSS - Discussions Help

Discuss This Question:

_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

POSTED: May 14, 2009 11:05 AM (GMT)

Hi Martin, so it like assign each user a specific workstation or because they are logging in using Virtual devices how will be able to assign authority ? as they log off mostly and it frees up the session for some other user.

Am sorry if am wrong because thats how we use for our users here.

Thanks in advance

harisudhan21

995 pts.

POSTED: May 15, 2009 5:35 PM (GMT)

You can restrict users from using virtual devices by specifying your naming convention on your interactive subsystem. For example, we used the command ADDWSE and used the generic PC* for the workstaion name so that only workstation IDs that begin ‘PC’ can allocate the interactive subsystem. This prevents people from using a virtual device (QPADEVxxx) by blanking out the workstation ID in their iSeries Access PC5250 configuration. Make sure you also have a strict policty in place for your other interactive subsystems that are active at the same time. For example, the console falls under QCTL, so we specifically specify the workstation IDs in IT Operations that can use it.

You can also take this a step further by making sure your system value QAUTOCFG is set to 0. You can even have QAUTOVRT set to 0 if you first create the workstation ID on the system before assigning the ID in the iSeries Access PC5250 configuration.

The recommendation for security on the DEVD is a good one, but I would also recommend controlling security changes on the devices by using an authorization list so that you can make security changes while the device is in use.

Batman47

1,050 pts.

Ask a Question

Browse IT Answers by Topic

>>VIEW ALL TAGS

Community Blog | About Us | Contact Us | FAQ | Terms of Use | DMCA Policy

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organization's IT projects - with its network of technology-specific Web sites, events and magazines.
All Rights Reserved, Copyright 1999-2013, TechTarget | Read our Privacy Policy
Questions and Answers Index 1 | Questions and Answers Index 2 | IT Topics Index 1 | IT Topics Index 2 | Blogs Index | Blogs Tags