How to determine security requirements to run a batch program

 5 Replies
 1 Subscribed to this topic
 15 Subscribed to this forum
Sort:
Author
Messages
JasonP
Advanced Member
Posts: 28
Advanced Member

    Hi-

     

    I have heard there is a unix/lid command we can run on a form that will report out what table and form security it rquires.  For example if I ran it on form AP520, it might return to me apcinvoice and apcdistrib.  Anyone know this command or have a good method on how to determine what security is needed for each program.

     

    Thanks.

     

    edison
    Advanced Member
    Posts: 23
    Advanced Member
      we use Security Administrator - Report Maintenance - Create an ObjSecReport and specify the Securable object
      the report will show the access, security classes, role and users who have access to it.

      I'm also interested in knowing if there is a LID command or IPA equivalent for the question.
      JimY
      Veteran Member
      Posts: 510
      Veteran Member
        Not sure if this helps, but you can type laenv at the prompt in Lid and the select User Desktop/Application Text/Print Technical Text. This will show you what tables are associated with the program, but probably not form security it requires.
        Jason Beard
        Veteran Member
        Posts: 124
        Veteran Member
          The commandline version of JimY's suggestion is dburf
          dburf productline ap ap520 > ap520.txt will provide the tables that are accessed for a particular form.
          If you want to see if a program invokes (calls) other programs you can use the lstinvk command
          lstinvk productline ap520
          Jason Beard
          617-548-5568
          jabeard3@gmail.com
          JasonP
          Advanced Member
          Posts: 28
          Advanced Member

            One of the reasons why I ask the question is we were kicking off an ap520 via process flow to pick up invoices but occasionally it grabs garnishments from payroll.  Those garnishments when picked up by AP520 were losing the comments.  It turned out the process flow account did not have access to L_hcvi which is where the comments are stored when sent over by payroll.

             

            The dburf command nor the lstinkvk command does not list L_HCVI as a file being read from?

            Dave Amen
            Veteran Member
            Posts: 75
            Veteran Member
              Hi Jason,

              The "attachment" tables travel together with the tables they're based on.


              L_HCVI and L_DCVI are connected to the CVI table. which is APCINVOICE (see the pattern?)

              My recommendation: assuming you have a SecClass that is something like APFiles to include all of the AP tables, in the SecAdmin tool focus on Files, right-click on AP, Select next level, and it picks all of the tables under AP including the L_ attachment tables. Then when connecting APFiles to every user that has AP screens, the L_ tables are always included!

              Regards,
              Dave
              (303) 773-3535