Security for Synon library lists?
I am having some problems locking down the library lists available to my developers. I'm sure previously, if they attempted to change their library list, using the synon library lists previously setup, and they were not authorised to one of the libraries in that list, it would fail. For some reason it doesn't fail now and we get swamped with authority errors because they have "live" objects in a developers job library list.
I have looked at the lists themselves and there doesn't seem to be a way of securing them from there. There has been no authority changes to the libraries themselves and I have been through and checked them.
Any help greatly appreciated!
Software/Hardware used:
Software/Hardware used:
ASKED:
May 13, 2009 11:12 AM
UPDATED:
May 15, 2009 4:35 PM
Answer Wiki:
Hi,
Has there been some change in authority in the Synon programs? Maybe one of the programs that changes the *LIBL now runs under *OWNER authority?
Regards,
Martin Gilbert.
To see all answers submitted to the Answer Wiki: View Answer History.
None that I know of.
They use a command which is just “R <library list name>” which does the change. I can’t find the list as an object on the system and I think the “R” command is a synon thing (as you can probably tell I’m not that familiar with Synon!).
from the Synon main menu take option 61 – Synon/1E (Utilities) and then 2 – user access , and 1 – library lists.
or
Use the ywrkliblst command
check and amend the library lists as needed.
The R <liblist> command selects one of these records and sets the library list and environment the way you defined it with YWRKLIBLST – beware, by default you also amend the job description when you edit the liblst – need to tell it NO, on one of the parameters.
Most sites I’ve worked have ‘live’ libraries in the library list – just need to ensure that they are lower down than the development ones.
Once you have access to the library list file you can remove dead ones, and tune live ones to the right sequence.
The library lists themselves are OK. We have different library lists for developers to use and for production users, however, I do not need to prevent developers from using the ones that are set up for production users. Currently a developer can set his or her library list to whichever they want, which is deemed to be unacceptable by more senior people.
Previously when a developer attempted to use this method to set a production library list, it would fail giving the message that they were not auhtorised to one of the libraries. This does not seem to be failing now and, so far, no one seems to be able to tell me when this started. I am not aware of any authority change on the library (developers are specifically excluded from the library authority). I can’t seem to get to fail now.
Not sure if this will help…. we have Synon libraries too, and discovered they need their own seperate security. We have no problem letting the developers have all access in in Development (not worried about them deleting anything because we have backups). However, in Production only the Production users have all access (through a menu system). Everyone else (including the developers) fall under *PUBLIC, and we have that set to ALL… EXCEPT Object Exist, Alter, and Ref. Our BPCS security does not work that way, only for Synon.