How to determine security requirements to run a batch program

 5 Replies
 1 Subscribed to this topic
 15 Subscribed to this forum
Sort:
Author
Messages
JasonP
Advanced Member Send Private Message
Posts: 28
Advanced Member

Hi-

 

I have heard there is a unix/lid command we can run on a form that will report out what table and form security it rquires.  For example if I ran it on form AP520, it might return to me apcinvoice and apcdistrib.  Anyone know this command or have a good method on how to determine what security is needed for each program.

 

Thanks.

 

edison
Advanced Member Send Private Message
Posts: 23
Advanced Member
we use Security Administrator - Report Maintenance - Create an ObjSecReport and specify the Securable object the report will show the access, security classes, role and users who have access to it. I'm also interested in knowing if there is a LID command or IPA equivalent for the question.
JimY
Veteran Member Send Private Message
Posts: 510
Veteran Member
Not sure if this helps, but you can type laenv at the prompt in Lid and the select User Desktop/Application Text/Print Technical Text. This will show you what tables are associated with the program, but probably not form security it requires.
Jason Beard
Veteran Member Send Private Message
Posts: 124
Veteran Member
The commandline version of JimY's suggestion is dburf dburf productline ap ap520 > ap520.txt will provide the tables that are accessed for a particular form. If you want to see if a program invokes (calls) other programs you can use the lstinvk command lstinvk productline ap520
Jason Beard
617-548-5568
jabeard3@gmail.com
JasonP
Advanced Member Send Private Message
Posts: 28
Advanced Member

One of the reasons why I ask the question is we were kicking off an ap520 via process flow to pick up invoices but occasionally it grabs garnishments from payroll.  Those garnishments when picked up by AP520 were losing the comments.  It turned out the process flow account did not have access to L_hcvi which is where the comments are stored when sent over by payroll.

 

The dburf command nor the lstinkvk command does not list L_HCVI as a file being read from?

Dave Amen
Veteran Member Send Private Message
Posts: 75
Veteran Member
Hi Jason,

The "attachment" tables travel together with the tables they're based on.

L_HCVI and L_DCVI are connected to the CVI table. which is APCINVOICE (see the pattern?) My recommendation: assuming you have a SecClass that is something like APFiles to include all of the AP tables, in the SecAdmin tool focus on Files, right-click on AP, Select next level, and it picks all of the tables under AP including the L_ attachment tables. Then when connecting APFiles to every user that has AP screens, the L_ tables are always included! Regards, Dave (303) 773-3535