Scenario 1: Set up Application Administration

This scenario describes how to plan and configure a system to be administered through Application Administration. It demonstrates how you can control access to applications by limiting users to applications and functions that are specific to their job duties.

Suppose that your company has a server (Server001) in a network that runs the following client applications:

Manufacturing application
A client interface with these administrable functions:
  • Inventory Management
  • Order Fulfillment
Finance application
A client interface with these administrable functions:
  • Accounts Receivable
  • Budgeting

Users access the server by using iSeries™ Access for Windows® and iSeries Navigator. You must determine which applications you want to administer through Application Administration. Then you must evaluate what type of access your users require for each function.

Step 1: Plan your Application Administration strategy

Which applications to administer?
Server001 has two, and only two, distinct groups of users: users of the Manufacturing application, and users of the Finance application. The manufacturing users should not have access to the Finance application, and Finance users should not have access to the Manufacturing application. In addition, each group has different access settings to the various iSeries Navigator functions. Because of this, you need to register iSeries Navigator, the Manufacturing application, and the Finance application on Server001. iSeries Access for Windows and its administrable functions (iSeries Navigator) are automatically registered when you install Application Administration so you do not need to register iSeries Navigator.
What type of access do you want users to have to the administrable functions of those applications?
All users that use the Manufacturing application belong to a user group that is called MFGUSER. All manufacturing team leaders also belong to a user group that is called MFGLEAD. All users that use the Finance application belong to a user group that is called FINANCE. Now that you have determined the user groups, you can give the users of the applications on Server001 access to the following:
Manufacturing application
Inventory Management
Only Judy, Natasha, Jose, and Alex require access to this function.
Order Fulfillment
All manufacturing team leaders require access to this function, except Alex.
Finance application
Accounts Receivable
All members of FINANCE require access to this function.
Budgeting
All members of FINANCE require access to this function.
iSeries Navigator
  • All manufacturing users require access to Basic Operations.
  • All finance users require access to Basic Operations, Database, and File Systems.
  • All system administrators require access to all iSeries Navigator functions.
Note: The administrators on this server do not require access to the Manufacturing application or the Finance application. All administrators have all object system privilege.

Step 2: Set up your Application Administration strategy

Given the information you compiled in planning your Application Administration strategy, configure the access settings for each application's administrable function as follows:

Manufacturing application
Inventory Management
  1. From the Application Administration dialog, go to the Client Applications page.
  2. Expand Manufacturing application.
  3. For Inventory Management, deselect Default Access.
  4. Click Customize. This opens the Customize Access dialog.
  5. In the Access field, deselect All object system privilege.
  6. Expand All Users in the Users and Groups list box.
  7. Select Judy, Natasha, Jose, and Alex from the list of all users and click Add to add them to the Access Allowed list.
  8. Click OK to save the access settings.
  9. For Order Fulfillment, deselect Default Access.
  10. Click Customize. This opens the Customize Access dialog.
  11. In the Access field, deselect Users with all object system privilege.
  12. Expand All Users in the Users and Groups list box.
  13. Select Alex from the list of all users and click Add to add him to the Access Denied list.
  14. Expand Groups in the Users and Groups list box.
  15. Select MFGLEAD from the list of groups and click Add to add the group to the Access Allowed list.
  16. Click OK to save the access settings.
Finance application
All functions
  1. From the Application Administration dialog, go to the Client Applications page.
  2. Expand Finance application.
  3. For Accounts Receivable, deselect Default Access.
  4. Click Customize. This opens the Customize Access dialog.
  5. In the Access field, deselect Users with all object system privilege.
  6. Expand Groups in the Users and Groups list box.
  7. Select FINANCE from the list of groups and click Add to add the group to the Access Allowed list.
  8. Click OK to save the access settings.
  9. Repeat these steps for Budgeting.
iSeries Navigator
Basic Operations
  1. From the Application Administration dialog, go to the iSeries Navigator page.
  2. For Basic Operations, select Default Access and All Object Access.
  3. Click OK to save the access settings.

Database

  1. From the Application Administration dialog, go to the iSeries Navigator page.
  2. For Database, deselect Default Access.
  3. Click Customize. This opens the Customize Access dialog.
  4. In the Access field, select Users with all object system privilege.
  5. Expand Groups in the Users and Groups list box.
  6. Select FINANCE from the list of groups and click Add to add the group to the Access Allowed list.
  7. Click OK to save the access settings.

File Systems

  1. From the Application Administration dialog, go to the iSeries Navigator page.
  2. For File Systems, deselect Default Access.
  3. Click Customize. This opens the Customize Access dialog.
  4. In the Access field, select Users with all object system privilege.
  5. Expand Groups in the Users and Groups list box.
  6. Select FINANCE from the list of groups and click Add to add the group to the Access Allowed list.
  7. Click OK to save the access settings.

All other iSeries Navigator functions

  1. From the Application Administration dialog, go to the iSeries Navigator page.
  2. For each function, deselect Default Access and select All Object Access.
  3. Click OK to save the access settings.

Now, you have used the Local Settings within Application Administration to set up an environment that restricts user access to specific functions. If you want to set up an administration system for Central Settings, continue to scenario 2 which explains how to use the Central Settings in your Application Administration strategy.

Parent topic: Scenarios: Application Administration