I am new at Baan, so I would like to know what is kind of permissions a user must have to perform baan administration (user management, system administration, etc), ie, this user must be a "super-user" or must belong to the tools_user group?

By the way, what are the main permissions that a "super-user" have in a Baan system?

Best Regards,

Please do not cross-post, read the forum rules, the other thread was deleted.

That is a very wide question, you should read any manuals related to Tools authorizations (search the threads for more information) to understand how permissions are set in Baan. In resume:

- You have authorizations for data (tables, etc.), Baan objects (sessions, etc.), developper authorizations and audit authorizations.
- Normal users need allow autorizations to access (run) sessions and restrictions to access tables; super users have allow authorization to all.
- Developper authorizations are set thru a specific session (that needs a password, usually controlled by the "super" super-user)
- Audit authorizations can only be defined by root (on unix, on Windows I think it's the "baan" user)

Also, there are a few things in Baan that can only be run by root, others by bsp.

OK, but I don't any much Baan documentation, so please I would like to obtain the following urgent information:

- It's necessary to be a "super-user" to access to the Tools Modulo?
- It's possible to configure a group (ex: "Tool_users") where I could assign the users able to access to the Tools module?
- The developers need to have access to the Tools module to perform their tasks or just to restrict sessions (given by the Baan administration)?
- Also, the developers need to be "super-users" in the live environment to perform their tasks?

Best Reagrds,

if you have Baan, then you have the information. Even though the Baan onlin e help, looks outdated. It actually covers most aspects pretty deeply. Your questions are all answered there.


If you are responsible for the tasks indicated below, then you should also seriously consider a "AAD" (Application Administration) Course from Baan.

Anyway here some answers:

a) You do not need to be superuser fpr the tools, but can go through the effort to assign the rights manually.

b) Baan IV has no proper role or group concept in regards to authorization. The best you can do, is to create template user and copy the assigned authorzations to actual users.

c) In a proper setup the developers should have no authorizations in th elife system. Development should be done only in a test system and, if approved, SW components are exported/imported in the test System by an admin in a controlled manner. But this is only my opinion and a bit philosophical.

By the way, you will have more success with these kind of questions in the Tools related forums.

Enjoy your time in Baan,

Markus

No, I don't have a Baan system with me :))
I am collecting theses questions in order to gain more knowledge about Baan security.

But for instance, the users assigned to the session ttadv0142m000 have development authorization for all VRC's, (the same for the session ttadv0141m000, but for individual VRC's?, right?

So, in control environment (even in theory), the developers should only have aceess to the above sessions on a development environment, never in the production environment?

The same question fot the sessions ttadv0145m000 (Maintain general developer authorization) and ttaad4100 (General table maintenance)...

Finally, the developers need to access to the Tools Module to perform their tasks?

Best Regards,

Some of these question depends are your environment:

(1) Use these session to setup what your developers have access to. A developer does not need access to ttadv0142m000 or ttadv0141m000 sessions in production or development. App Admin can grant permissions.
(2) As for tdaad4100 - here we have access to it on all platforms. Who else is going to make all the table changes to keep things running. This just depends on what your developers do at your site.:) And of course our production environment is audited for these changes.
(3) Yes - access to the tools module is needed. That is where all the session development tools are. You do not have to grant the whole module, but it is probably easier this way.

Mark

Just one more question,

What effectively a "super-user" can do in a Baan system?
Can it have automatically access to all session (of all companies) and the whole Tools module?

What is the difference between the user with "super-user" rights and the root (Baan) user?

Best Regards,

A super-user can run any session in Baan as far as I know. Of course the super-user needs to know passwords to get into certains sessions, like ttaad4100.

Depends on the set-up. On our system super-user has most permissions in development - except for ttadv0142m000 or ttadv0141m000. In production we do not have permission to update sessions/scripts etc. This is maintained at the UNIX level. So only BSP can do everything on all systems at our site.

Mark

Hello,

Could anybody please explain what is the previleges/main objective given by the Baan session "ttaad4100" ?

Best Regards,

Hi there,

ttaad4100 is a session that gives write access to Baan tables, apart from being able to modify date, you can also delete/insert rows. If you don't have a very very good knowlege of the data struture and dependencies .... do not start this session. Use ttaad4500 instead, this is very similar, but only grants read access. For a Baan expert ttaad4100 often provides a quick way to solve problems without having to write a program first.

A superuser cannot be restricted by means of dedicated access rights/restrictions on module/table basis. .....
This means that you can use the sessions found in menue ttaad3020m000 only for normal users.

But one thing ..... one the one hand you say that you don't have a Baan system at hand to look at the tools manual .... on the other hand you state session names exact to the letter .... *just wondering*

BTW, you can find the windows help file for tools at $BSE/lib/help/ttB40c4 (if this is your version) ... named tt3.hlp ... ftp it to a windows box and have fun.

hth

Norbert