Making QAD batch processing SOX compliant

This article explains how to properly setup QAD batch processing to comply SOX requirements.

If your company need to comply SOX requirements, then you can not place batch userid and passwords into input parameter files. Our previous article walked though the batch process setup. And as shown on diagram below

the file has userid, password and domain information. SOX disapproves such setup, because someone can read the credentials from the operating system.

Users have different approaches solving this problem. Here is our solution to that.

1. Create a script, mfgbatch, with the following content:

# unix script mfgbatch
# usage: mfgbatch DBNAME BATCHID
# mfgbatch pmfg mrp

. /qad/bin/qadfunctions

DBNAME=$1; export DBNAME

exec $DLC/bin/_progres -p /qad/eb2/custom/src/xxenbc.p

2. Create a progress program xxenbc.p, with the following content.

/*xxenbc.p -  the program needs to be encrypted*/
def var cmdLine        as char no-undo.
def var iLn            as char no-undo.
def var idbname  as char no-undo.
def var ibatchid as char no-undo.

idbname  = os-getenv("DBNAME").  /* QAD DB set name: Production, DEV or TEST, etc*/
ibatchid = os-getenv("BATCHID").   /* this is QAD batch ID*/

cmdLine = "echo -e " + """" + "mfg pwd domain" + "n" +
  "mgbatch" +  "n"    +
  idomain   + " "      + ibatchid    +  "n"    +
  "."       +  "n"    +
  "."       +  "n"    +
  "Y"       +  "n"    + """"   + "| ./xxbatch "  + idbname.

output to value(ibatchid + ".out").
 put unformatted cmdline skip.

input through value(cmdLine) no-echo unbuffered.
  import unformatted iLn.
  put unformatted iLn skip.
input close.
output close.

Replace mfg pwd domain with actual credentials. This program needs to be encrypted with the use of Progress xcode utility. The syntax should be simple:

$DLC/bin/xcode -d $xrc-dir xxenbc.p

$xrc-dir is the path to the output directory. If issues encrypting the code, please check Progress user manual or contact us, we will help you.

3. Create another script xxbatch, with the following content:

# SOX Compliant Batch processor
# Designed by 32Soft Inc.
# Script to start batch session of MFG/PRO

stty intr '^c'
. /qad/bin/qadfunctions

if [ "$DATABASE" = "" ]; then
   echo "$0: You must supply a database name to connect to that database."
   exit 1



# Determine the proper PROPATH for the database chosen.
case $DATABASE in
export PROPATH

#        deal with possible lock file problems
if [ ! -f $DBDIR/${DATABASE}.lk ]
        # database not running. Can't start a session.
        echo "Production Database: $DBDIR/$DATABASE not running multi-user."
        echo "Cannot connect to this database."
sleep 2
        exit 1

# Optionally Set terminal type.
#TERM=VT220; export TERM

# Start MFG/PRO.
 exec $DLC/bin/_progres -pf /qad/bin/${DATABASE}.pf
 -t -d mdy -yy 1920 -Bt 350 -c 30 -l 2000 -D 100 -mmax 3000 -nb 200
 -s 63 -h 9 -p mf.p -b

4. Run the batch as following:

./mfgbatch DEV mrp

where DEV is DB set name and mrp is QAD batch ID in DEV. Similarly, you can setup cron jobs for required batches and databases.

Please note, that alternatively, you can store the batch userid password and domain information in QAD or custom database. That will facilitate periodic password change process. If you would like to take this route, then modify script #1 can be connected to the db, change progress program #2 to retrieve userid password and domain from the database. And also create a restricted menu in QAD for maintaining the batch userid password and domain.

Let us know if this article was helpful. Or if questions, please contact us.