40.7 Adding Internal Controls

Sometimes data processing functions are restricted to certain individuals. For example, you may not want the employee who enters a purchase order into the system, to also record the receipt of that order. Access to any menu or menu choice can be restricted with the dpermit command. Dpermit searches a file for a specified "group" and checks to see if the user (user login) belongs to the "group". The "group" used with dpermit is not the same as the UNIX group. It is an arbitrary name given to a set of user login IDs solely for use with dpermit. For example, a "group" called admin might consist of the users George, Bill, Beth, and Carl. Another group called staff could include certain staff people allowed access to other menus or menu choices. The "group" name is passed to dpermit as follows.

dpermit datafile group [group]

The datafile permit is distributed with the C/Books Accounting system in the ss\data directory. Each group with its associated users should be stored in the file permit. This file may be accessed through the data entry form permit as follows.

form -qfuadk permit

Through this form you can add and/or update "groups" and "users". Remember that the "user" must correspond with the users login ID as it exists in the /etc/passwd file.

An example of how dpermit would be used to restrict access to the menu choice Edit Purchase Orders, to users in group admin is shown below.

menufile po

menu po

1,1 Purchase Order

+1,+0 Purchase Orders

poform -qfuad lpo

+1,+0 Edit Purchase Order List

form -qfud polist

+1,+0 Non-Inventory Purchase Orders

poform -qfuad spo

+1,+0 Edit Purchase Orders

if dpermit permit admin

then : ok

else

echo "Permission denied"

exit 1

poform -qfuad epo

If you wanted both the admin and the staff groups to have access to the menu choice Edit Purchase Orders, the Purchase Order menu would be edited as follows.