Publication Date:  
System Version:  GCCS 2.1/Update 5
Web Page Created:  

Setup.  To accomplish this lesson, you will need GCCS connectivity and access to the JOPES database and JOPES applications (Session Manager and System Services through the JNAV window, and the IMS Admin Tool and RFM Admin Tool Icons).  Your USERID must have either Site Functional Manager (SFM) or Network Functional Manager (NFM) permissions.

Overview.  During this lesson you will expand your knowledge of the subject of permissions as they relate to GCCS and specifically JOPES.  You will also grant permissions to a specific JOPES USERID.

Almost everything you do in a classified system requires some type of permission to access the information.  Some permissions you never even know about because they are an integral part of the environment, like file read and write permissions.  Other permissions, like login passwords, require detailed administrative procedures to ensure system integrity.  The first part of this lesson demonstrates how GCCS permissions are granted and administered.

OBJECTIVE.  From a list of possibilities, predict the possible outcomes if certain specific system level permissions have not been granted.

Overview of Required Permissions to Access JOPES.  USERID account administration is not the purview of a single individual or even of a single office.  Four distinct activities must be accomplished to enter a new JOPES user into the system and enable them to access and modify data in the JOPES database.  These four activities can be organized under the following four individuals/offices:  Information System Security Officer, System Administrator, Database Administrator, and Functional Manager.  All sites are not organized identically, so there may be locations where functions have been combined and other locations where they have been combined differently or not combined at all.  Nevertheless, these four activities must be accomplished.
ISSO Actions.  The ISSO performs the first of the four activities.  This activity registers the USERID as a valid GCCS user.
Access the Security Manager.  The ISSO logs into GCCS and uses the Security Manager application to create the USERID and initial password.

Create NIS+ Account.  The account that the ISSO creates is called the NIS+ account.  NIS+ is the acronym for Network Information Service Plus.  The creation of this USERID account allows the USERID to login to the servers and workstations that have been specifically identified as being a part of this network.  The ISSO also can make this USERID a member of certain groups.

Note:  Recall that "groups" is one of the means that UNIX uses to control access and permissions to files.

GCCS Group.  Every JOPES user should be a member of the GCCS group.  This gives them the appropriate capabilities (read, write, and/or execute) to hundreds of the files required to use the JOPES applications.

JADMIN Group.  There are specific portions of the JOPES System Services application that are controlled by being members of the JADMIN group.  These portions of System Services deal with what has traditionally been FM, SA, and DBA activities.

SA Actions.  The SA performs the second of the four activities.  This activity provides the USERID access to the applications and the ability to launch those applications.
Access the Profile Manager.  The SA logs into GCCS and uses the Profile Manager application to assign applications to this specific USERID.

Assign Applications to the Launch Window.  The SA accomplishes this task by assigning the appropriate ICONs (which represent individual applications) to the Launch Window for this specific USERID.  Each USERID is limited to the applications (ICONs) available in their Launch Window.

Ensure Proper USERID to .rhosts File Relationship.  In the client/server environment, portions of applications and databases can be spread over different machines.  The SA should (must) also verify that the .rhosts file associated with this USERID identifies, as a minimum, all the machines necessary to run the applications in this USERID's Launch Window.

Assign USERID to the Appropriate JOPES Applications.  Currently, each JOPES application, such as RDA, S&M, TCCESI, etc., requires that a script be run to enable each USERID to actually launch the applications in the Launch Window.  These scripts are executed by the SA from system level.

DBA Actions.  The DBA performs the third of the four activities.  This activity provides the USERID access to the JOPES Oracle database and the ability to read and write to that database.

Create the Oracle Account.  The database administrator will create an Oracle account for every USERID.  This account is created from system level.

Assign Oracle Database Permissions.  The creation of the Oracle account assigns read and write permissions to all of the appropriate tables in the JOPES database.  Oracle checks the USERID (table- by-table) of everyone using the JOPES applications to ensure they have these permissions.  This Oracle account is in addition to specific functional permissions associated with each USERID.

FM Actions.  The FM performs the fourth of the four activities.  This activity provides the USERID access to specific OPLANs in the JOPES Oracle database and the ability to extract and/or add and/or modify data to that database.

Access JOPES System Services.  The FM logs into GCCS, accesses JOPES, and uses the System Services application to grant OPLAN access and functional permissions to the USERID.

Assign JOPES Functional Permissions.  The FM gives the USERID access to a series or several series of OPLANs.  After having granted access to OPLANs, the FM also assigns functional capabilities, such as Query, Update, Create, etc.  This limits that USERID only to the functional capabilities assigned.

IMS Admin Tool.  The Information Management System is a tool that provides access to the TPFDD portion of the JOPES Oracle database for those JOPES applications that do not enjoy direct access.  The FM controls the functionality assigned to IMS.  This functionality is not unique to each user, but is the same for all users of IMS on that application server.

RFM Admin Tool.  The Reference File Manager is a tool that provides access to the reference file portion of the JOPES Oracle database for those JOPES applications that do not enjoy direct access.  The FM controls the functionality assigned to RFM.  This functionality is not unique to each user, but is the same for all users of RFM on that application server.

Now that you are comfortable with the various permissions that need to be considered for each USERID, you will concentrate on those that are the responsibility of the FM.

OBJECTIVE.  From a list, match the JOPES functional permission definitions with their names.

Database Functional Permissions.  JOPES functional permissions are almost always associated with the JOPES Oracle database.  The FM controls the activities of every user having access to that database.  Permissions can also be associated with the capabilities of (or lack of) IMS and RFM.  Again, the FM controls what those capabilities will be.
JOPES (Oracle) Database Permissions.  Once you have access to a JOPES application that has an effect on the JOPES database, then your OPLAN series permissions and your functional permissions control access to the planning data.  JOPES functional permissions are approved and entered into the system by the FM.

OPLAN Series Permissions.  The OPLAN series permissions establish a user's need-to-know authority for normal access plans named with a number within the range of the number series granted by the permission.  For instance, if you had an OPLAN series permission for the 9000-9599 series, you would have access to OPLAN 9005T if it were a normal access plan.

Functional Permissions.  Functional permissions control what you can do to the OPLANs to which you have access.  For example, the JOPES database functional permissions assigned to your USERID control the menu options available on the System Services windows.

Query (QRY).  The Query permission is a default permission.  If you have been granted access to an OPLAN, you can view that information on the window, run reports, and download that information to a file or tape.

Note:  The Query permission does not appear on any window.  It is active as soon as the USERID is entered on the User Permissions window (Fig. 3-2) when the Add toggle is activated and the Transmit button is depressed.

Update (UPD).  The Update permission is granted if you require the ability to create/modify/merge records in an existing OPLAN.  The records include organic lift schedules for supporting command and supported command users.

Create (CRT).  The Create permission is granted if you require the ability to initialize new OPLANs in the database.

Transportation Component Command (TCC).  The Transportation Component Command permission is limited to those who require the ability to enter common user schedules into the S&M system.  That includes USTC, MTMC, AMC, and MSC for the common user lift.

Site Functional Manager (SFM).  The Site Functional Manager permission is given to those individuals who perform Site FM duties, such as granting access to OPLAN series and entering each user's individual permissions into the system.

Network Functional Manager (NFM).  The Network Functional Manager permission is assigned to those individuals responsible for controlling the networking of plans around the GCCS network.

Note:  There was an attempt to create a hierarchical structure with regard to permissions.  SFM includes CRT, UPD, and QRY; and NFM includes SFM, CRT, UPD, and QRY.  Currently (GCCS Version 2.1), the Validator permission has not been implemented, but should be in the next GCCS System Services release.  It will replace some or all of the TCCESI system level permissions.

Validator (VAL).  The Validator permission is granted to individuals performing the site validator functions at the supported CINC, USTRANSCOM, and the TCCs.

IMS.  The IMS Admin Tool allows the FM to control the capabilities of IMS which is a tool used for the movement of TPFDD information out of the JOPES Oracle database and make it available for use by other applications.  TPFDDs can be stored in IMS itself or in other files on the server accessible by different JOPES applications.

RFM.  The RFM Admin Tool provides a capability to make a copy of the standard reference files in Oracle available in a file for applications that cannot access oracle.  The RFM Admin Tool is used to add and/or delete applications and/or reference files from the RFM capability.

Now that you are very familiar with the permissions that are the responsibility of the FM, it is time to turn to the system and exercise some of your new found knowledge.

OBJECTIVE.  Given a JOPES environment, administer JOPES functional Oracle database permissions for a new user.

Requirement.  The reserve unit assigned to augment your headquarters has just reported for their two week active duty tour.  Several of them will be working in the J3 and J5 offices and will require access to several of the JOPES applications.  The ISSO, SA, and DBA have started their required actions.  You, the FM, are responsible for assigning the functional permissions.  They will require the following:  Access to the entire 9000 series of OPLANs, the ability to add additional plans to the database, the ability to modify records within the 9000 series of OPLANs, and the ability to perform validator duties.  They will not be required to add common-user carrier schedules to the database or perform any FM duties.  IMS must be capable of extracting an OPLAN from the JOPES database and be made available for JFAST.  JFAST will also need access to the TUCHA and GEO reference files.

Reviewing/Granting Permissions.  The FM is responsible for granting permissions to the JOPES database and ensuring that IMS and RFM have the correct capabilities to support the users.
JOPES (Oracle) Database.  You use the System Services application to find out what OPLAN series and functional permissions are assigned to your USERID and, if you are an FM (either site or network), to assign permissions to other USERIDs.

Tear-off Menus.  The GCCS System Services cascade menu has a tear-off feature that allows you to pin it to another location on your Session Manager desktop for immediate access later.
This feature lets you "pin" the cascade to the desktop and make multiple selections for the query without having to retrace the cascade paths again and again.

To "tear-off" a cascade, <POINT AND CLICK (left)> on the dotted line in the header to "pin" it to the desktop.  You can "pin" more than one cascade and drag them to different locations on the desktop.

To close a tear-off menu, <POINT AND CLICK (left)> on the Window Menu button [-] in the upper left corner of the tear-off window's header line.

Because you will want to use the System Services cascade menu later, you will now use the tear-off function.

Requirement.  Before starting to add the reservists' USERIDs, verify that your current USERID has either a Site FM or Network FM permission.

Note:  If your USERID does not have Site FM or Network FM permissions assigned, you would not have had to enter your USERID on this screen.  The permissions assigned to your USERID would automatically display.

User Permissions Option.  This window shows you the specific OPLAN series and functional permissions assigned to your USERID.
Individual users can also review their permissions on this window.  Non-FMs would not have the Add/Change/Delete options displayed.

If you have either Site or Network FM permissions, you add, change, or delete permissions from this window.

Function Buttons.  The function buttons at the bottom of the window allow you to get Help for the text fields, research the dictionary terms, scroll, print, and navigate back to different levels of previous menus.
<F1> on the keyboard provides a Field Help Screen (if it is available) or a Screen Help Screen.  If Field Help is available, then Screen Help can be selected from the Field Help Screen.  Using the mouse to select the F1-Help button on the screen always provides a Screen Help Screen.

<F2> on the keyboard or selecting F2-Dictionary with the mouse provides access to a dictionary.  It is text sensitive and provides explanations or definitions for acronyms and terms.

<F3> on the keyboard or selecting F3-Print with the mouse executes a screen print that will print at the default printer (as established by the SA).

<F4> on the keyboard or selecting F4-Up with the mouse and <F8> on the keyboard or selecting F8-Dn with the mouse allows you to "page" through the list of USERIDs, forward (up) or backward (down).

<F10> on the keyboard or selecting F10-Back with the mouse returns to the previous menu.  Selecting <F11> on the keyboard or selecting F11-Menu with the mouse returns you to the System Services window.  Selecting <F12> on the keyboard or selecting F12-Exit with the mouse exits the application.

Add/Change/Delete Permissions.  To add, change, or delete permissions, you must enter the desired USERID, select the respective function button, mark the desired permissions, and select Transmit.

You will now add the reservists' USERIDs to the system.

User Permissions Report.  As an FM, you also have access to the User Permissions Report.  This report will show you the functional permissions granted to all the users on this server.  The report can be viewed on the screen and/or sent to a printer.  The report is run from the Plan Management tear-off menu.

This report shows you at a glance who has what permissions.  You can use the <F5> or <F7> function keys and the F5-PgUp or F7-PgDn buttons to page through the report.  You can <POINT AND CLICK (left)> on the Report button to print the report at your default printer.

Review the report, then close the display and exit System Services.

You have completed the entry of the Reservists' permissions for the JOPES database.  Now it is time to ensure that TPFDDs in that database are exportable to JFAST.

OBJECTIVE.  Given an operational GCCS environment, use the IMS Admin Tool to control the applications which can import/export TPFDDs through IMS.

IMS Admin Tool Navigation.  The IMS Admin Tool allows your site to control which applications can import and/or export TPFDDs and to specify the system files used to store the information.  You, the FM, should/will be the individual permitted to change the setup information to manage the IMS application.

Restricting TPFDD Movement.  You can use the IMS Admin Tool to enable users, with access to the IMS Icon, to transfer TPFDDs from and/or to selected applications.

Enabling the View/Export Capability.  The lesson will now demonstrate how to enable the capability to view and export TPFDDs from the JOPES database.  This is an important feature if you want to control the distribution of the OPLAN to JOPES applications that do not directly access the JOPES database.

Reset IMS Download Date.  If set to Yes, then IMS updates the date displayed in the Download Date field whenever a TPFDD is downloaded.

Run Export in XTerm.  If set to Yes, then an XTerm window will display the download process during a TPFDD export.

TPFDD Export File.  This field contains the name of the executable file that performs the export of the TPFDD from the database.

TPFDD Export Path.  This field contains the name of the path where the TPFDD file will be stored when IMS performs a TPFDD extract.

Save Button.  You must save the changes you make for them to take effect.  The changes you make will be reflected on the IMS window the next time it is activated from a Launch Window.

Now that you know JFAST can access TPFDDs resident in the JOPES database, it is time to see if that application can get access to the most current reference files (specifically TUCHA and GEO) that it needs.

OBJECTIVE.  Given a GCCS environment, use the RFM Admin Tool to identify an additional workstation/application requiring access to a specific reference file.

RFM Admin Tool.  The RFM Admin Tool allows you to identify reference files and make them accessible to applications that cannot directly access them in Oracle.

One reference file, e.g., GEOFILE, may be used by multiple applications.  The RFM Admin Tool is used to target applications that may need data from the JOPES database.  The RFM Admin Tool window is divided into two sections:  the Reference File section, the top half of the window; and the Application Name section, the bottom half of the window.

Reference File.  The reference file section identifies the name of the reference file and where the reference file can be found on the RFM server.  The Next File button provides access to information concerning the various reference files.  Notice that the numbers after the words Reference File show that the TUCHA file is only one of several file entries in the RFM Admin Tool.

Reference File Name.  This is the name of the file where the reference file is stored after it is extracted from the JOPES database.

Reference File Path.  This is the path leading to the reference file name.

Update Script.  This is the name of the script that executes the JOPES database to file process.

Date Offset.  This field signifies one of two conditions.  If it is -1, it means the file does not contain a DISA date stamp so the date shown with an "*" within the RFM display reflects the date that the reference file was copied from the database to the file.  If a positive integer is contained within the Date Offset field, then the RFM display reflects the official release date of that reference file.  The offset number indicates the character position of the date in the header so the computer knows where to find it.

Application Name.  The application section of the window identifies the application that receives a copy of the selected reference file.  Notice that numbers appearing after the words Application Name show how many applications currently receive the selected reference file.
Machine Name.  The Machine Name field was created so that RFM could be set up to send reference files to applications that reside on one or more specific clients.

Note:  The Machine Name field is a relic from the days of LOGSAFE operating on clients.

Load File.  This is the name of the script file that executes the movement of the reference file from the file named in the top portion of the screen to the location where the application can use it.

Now that you are familiar with the granting of permissions to the JOPES database and how to use the IMS and RFM Admin Tools, it is time for you to do it on your own.

Requirement.  Delete the JOPES database USERID permissions you created earlier, answer the questions concerning the IMS and RFM Admin tools, and exit to the Launch Window.

Summary.  This lesson focused on the various activities necessary to administer the permissions scheme for JOPES in GCCS Version 2.1.  You focused on those specific activities required of the FM.  Functional permissions are exercised through the System Services application for the JOPES database and the IMS and RFM Admin Tools for those two applications.  Used together, these tools allow you to transfer OPLANs, TPFDDs, and reference files between the GCCS applications as needed.