Hello Bruno,
I am not familar with the gr_key. If you are able and satisfy with logon speed which it have to traverse through all your groups to locate the user for logon.
The next phase is route the batch to the user. I don't think you can do it on a group base. It route to user or your can user by station ID.
Your issue appears to be more on the architectural and system design phase. Might I suggest looking into Datacap Redbook that talks about system scaling.
https://www.redbooks.ibm.com/abstracts/sg247969.html
------------------------------
Blue Devil
------------------------------
Original Message:
Sent: Fri May 26, 2023 11:58 AM
From: Bruno Ferreira
Subject: Datacap security configuration
Hi there,
thanks for the reply.
Ok I didn't know that 400 groups could be a problem, but I will try to populate that amount of groups to check the performance.
About assigning groups to the batch, you are saying first add weight to the group and the execute an update to that batch with the gr_key of the tmgroup (right shift 8 bits)?
example:
UPDATE tmbatch set pb_key=1 where pb_batch='%s'
And if we need to have more than on group?
------------------------------
Bruno Ferreira
RedShift
Original Message:
Sent: Thu May 25, 2023 02:46 PM
From: Blue Devil
Subject: Datacap security configuration
400 groups is too much. Just logon will take forever to phrase through the user in what group. You can see the amount of time it check the user in which group just for logon.
Let said you are able to define the right template to your Ldap, LLLDAP, or ASDI to locate the user and that you are okay with the speed for logon - the next challenge is to look for the workflow and task for certain user. Best option is to route the batch to that group or user in that group. This is done by routing the batch to certain user or group.
Also you don't want to give all your user access to job monitor as they will run query or just the refresh of job monitor will impact the entire system from tm server to the db performance.
Might I recommend engaging your sales rep. to reach out to our lab services team for assistant. Lab advocate are pre paid services that you can render to help with architecture your environment.
------------------------------
Blue Devil
Original Message:
Sent: Wed May 24, 2023 10:14 AM
From: Bruno Ferreira
Subject: Datacap security configuration
We are deploying a configuration with 400 groups (departments).
Each group has its own batches of documents.
It is expected that each user should only be able to access (datacap navigator) batches from his own department.
With the available configuration options and documentation we are not being able to implement this security requirement.
What additional guidelines can read to solve the issue ?
Regards,
Bruno
------------------------------
Bruno Ferreira
------------------------------