FAQs regarding user profile and password management in the Visual LANSA Framework
|Date:||30th August 2007|
|Product/Release:||Visual LANSA Framework V11.3|
|Abstract:||Information regarding User Profile and Password Management in the VLF|
|Submitted By:||LANSA Technical Support|
Q: Do I have to (re)define my user profiles into the VLF?
A: Yes, if you want to use the VLF's shipped object authority model.
The VLF needs a way to associate user profiles with their allowable VLF activities.
Q: Do I have to (re)define my user's passwords into the VLF?
A: In i5/iSeries based applications the answer is generally no.
In iSeries/i5 based VLF applications, including RAMP, the validation of a password for a user profile can be performed by OS/400 at the point the user accesses the i5/iSeries system. For the VLF in general this is typically when they start a super-server session. For RAMP this is typically when they sign on to their 5250 session. In web browser based applications either web server user authentification or a user exit (IIP) can be used to validate the password via the operating system, rather than by the VLF itself.
In Windows based applications the answer is generally yes, because user profile management in windows products is generally much more fragmented.
Q: Are there techniques to minimize user profile (re)definition
A: Yes. These include the use of group users and role based users.
Using group users won't impact how many user profiles need to be defined, but it significantly impacts their ongoing maintenance. It is easier to maintain a single user group than a set of individual users. Note that the VLF allows a user to be a member of multiple groups, which is different to OS/400. You can use VLF user groups without having to use OS/400 group profiles.
A role based user is where the real user is mapped to a much smaller set of VLF role based users.
For example real users Fred, Mary and Bill might all map to the single role based VLF user profile ACC_CLERK.