× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. June 2016

Re: IBM i data and object authorities

Thanks for the response, Charles. I can confirm that Robin Tatum's
presentation did not include any authority recommendations in regards to
IBM's objects and data. It was all about securing custom applications and
he made the point that there is no single model that would fit every case.


On Thu, Jun 2, 2016 at 7:39 AM, Charles Wilt <charles.wilt@xxxxxxxxx> wrote:

I don't believe Robin intended for his model to be applied to IBM objects.

With few exceptions, I leave IBM object authorities alone.

The exceptions are always providing more access than IBM does by default.

I don't believe I've ever removed access, ie. *PUBLIC exclude to an IBM
object.

Charles

On Wed, Jun 1, 2016 at 5:40 PM, Nathan Andelin <nandelin@xxxxxxxxx> wrote:

I was just reviewing a presentation which was provided by Robin Tatum of
PowerTech. It included a simple model for securing applications and data;
beginning with excluding *public authority to application objects and
data
- then granting more granular object and data authorities to specific
user
profiles, user groups, and authorization lists according to needs.

I then reviewed authorities to objects and data in IBM i "Q" libraries to
get a feel for how IBM configures *public authorities, which varied from
object to object. IBM authority defaults appear to be quite specific.

It seems to me that a security administrator could muck up a system if
they
were to change IBM's default authorities for IBM's objects and data. Does
anyone have an alternate view?

Nathan.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.