Scenario: Setting up Application Administration

 

This scenario describes how to plan and configure a system to be administered through Application Administration. It demonstrates how you can control access to applications by limiting users to applications and functions that are specific to their job duties.

Suppose that your company has a system (System001) in a network that runs the following client applications:

Manufacturing application

A client interface with these administrable functions:

Finance application

A client interface with these administrable functions:

Users access the system by using iSeries™ Access for Windows® and iSeries Navigator. You must determine which applications you want to administer through Application Administration and evaluate what type of access users require for each function.

 

Step 1: Planning your Application Administration strategy

Which applications do you want to administer?

System001 has two distinct groups of users: users of the Manufacturing application, and users of the Finance application. The manufacturing users should not have access to the Finance application, and the finance users should not have access to the Manufacturing application. In addition, each group has different access settings to the various iSeries Navigator functions. Because of this, you need to register the Manufacturing application and the Finance application on System001. iSeries Access for Windows and its administrable functions (iSeries Navigator) are automatically registered when you install Application Administration, so you do not need to register iSeries Navigator.

What type of access do you want users to have to the administrable functions of those applications?

All users that use the Manufacturing application belong to a user group that is called MFGUSER. All manufacturing team leaders also belong to a user group that is called MFGLEAD. All users that use the Finance application belong to a user group that is called FINANCE. Now that you have determined the user groups, you can give the users of the applications on System001 access to the following applications:

Manufacturing application

Inventory Management

Only Judy, Natasha, Jose, and Alex require access to this function.

Order Fulfillment

All manufacturing team leaders require access to this function, except Alex.

Finance application

Accounts Receivable

All members of FINANCE require access to this function.

Budgeting

All members of FINANCE require access to this function.

iSeries Navigator

  • All manufacturing users require access to basic operations.

  • All finance users require access to basic operations, database, and file systems.

  • All system administrators require access to all iSeries Navigator functions.

The administrators on this system do not require access to the Manufacturing application or the Finance application. All administrators have all object system privilege.

 

Step 2: Setting up your Application Administration strategy

Given the information you compiled in planning your Application Administration strategy, configure the access settings for each application's administrable function as follows:

Manufacturing application

Inventory Management

  1. From the Application Administration dialog, go to the Client Applications page.

  2. Expand Manufacturing application.

  3. For Inventory Management, deselect Default Access.

  4. Click Customize. This opens the Customize Access dialog.

  5. In the Access field, deselect All object system privilege.

  6. Expand All Users in the Users and Groups list box.

  7. Select Judy, Natasha, Jose, and Alex from the list of all users and click Add to add them to the Access Allowed list.

  8. Click OK to save the access settings.

  9. For Order Fulfillment, deselect Default Access.

  10. Click Customize. This opens the Customize Access dialog.

  11. In the Access field, deselect Users with all object system privilege.

  12. Expand All Users in the Users and Groups list box.

  13. Select Alex from the list of all users and click Add to add him to the Access Denied list.

  14. Expand Groups in the Users and Groups list box.

  15. Select MFGLEAD from the list of groups and click Add to add the group to the Access Allowed list.

  16. Click OK to save the access settings.

Finance application

All functions

  1. From the Application Administration dialog, go to the Client Applications page.

  2. Expand Finance application.

  3. For Accounts Receivable, deselect Default Access.

  4. Click Customize. This opens the Customize Access dialog.

  5. In the Access field, deselect Users with all object system privilege.

  6. Expand Groups in the Users and Groups list box.

  7. Select FINANCE from the list of groups and click Add to add the group to the Access Allowed list.

  8. Click OK to save the access settings.

  9. Repeat these steps for Budgeting.

iSeries Navigator

Basic Operations

  1. From the Application Administration dialog, go to the iSeries Navigator page.

  2. For Basic Operations, select Default Access and All Object Access.

  3. Click OK to save the access settings.

Database

  1. From the Application Administration dialog, go to the iSeries Navigator page.

  2. For Database, deselect Default Access.

  3. Click Customize. This opens the Customize Access dialog.

  4. In the Access field, select Users with all object system privilege.

  5. Expand Groups in the Users and Groups list box.

  6. Select FINANCE from the list of groups and click Add to add the group to the Access Allowed list.

  7. Click OK to save the access settings.

File Systems

  1. From the Application Administration dialog, go to the iSeries Navigator page.

  2. For File Systems, deselect Default Access.

  3. Click Customize. This opens the Customize Access dialog.

  4. In the Access field, select Users with all object system privilege.

  5. Expand Groups in the Users and Groups list box.

  6. Select FINANCE from the list of groups and click Add to add the group to the Access Allowed list.

  7. Click OK to save the access settings.

All other iSeries Navigator functions

  1. From the Application Administration dialog, go to the iSeries Navigator page.

  2. For each function, deselect Default Access and select All Object Access.

  3. Click OK to save the access settings.

Now, you have used the Local Settings within Application Administration to set up an environment that restricts user access to specific functions.

 

Parent topic:

Scenarios: Application Administration
Related reference
Scenario: Setting up an administration system for Central Settings