

  • Subject: Re: Why do software companies always want ALLOBJ
  • From: MacWheel99@xxxxxxx
  • Date: Thu, 14 Sep 2000 13:14:02 EDT

One solution that I think the world of companies using AS/400 needs is

"An Introduction to AS/400 Security for General Management"

My vision of this tool would be that it would come with a menu driven view of 
WRKSYSVAL and other FAQ about YOUR system where someone could view Security 
Wizard information without changing any of it.

An executive who previously knew nothing about AS/400 security, such as a 
general outside auditor or a new hire in the MIS department, could be viewing 
this CD Rom which walks through some explanation of say security levels 10 20 
30 40 50, then is asked to switch to the other session & take the menu option 
that tells you what level your company is presently at, then return to the CD 
Rom session & key in what that is, which controls the flow of information 
regarding the risks & advantages of that level & what you get if your 
enterprise moves up to next level, assuming the software that you have 
installed is able to function at the next level, explained in a non-technical 
manner.

This would be followed by a series of very simple questions, answerable by 
the menu, that leads into an education as to what the function is of various 
security features & the risks & what not, about each one.  Perhaps one option 
would identify a list of all the user-ids that can sign on & have extremely 
global access, that in AS/400 terms these people are the real bosses of your 
operations & data.

There might be a second CD Rom based on a major software package, such as JDE 
or BPCS, in which the executive is prompted to key in like a USER ID & the 
view is information only without ability to update anything software ... 
could then look at that ERP's security sub-system & combined with user 
profile information might then say all the stuff this person can access & 
whether if someone outside the company figures out the password, can they get 
onto your system from the internet & do the same stuff.  It would identify 
both legitimate & illegitimate activities authorized by these settings & ask 
in a rhetorical way, if this is the kind of security that you really want for 
your company.

An AS/400 with GOOD SECURITY might not let someone access such information, 
but such a site does not need this education.  

Another variation might be a WHITE HAT hacker simulation ... it would run a 
series of tests against your AS/400 conceptually similar to what we get for 
our PC by going to sites like 

http://grc.com/default.htm Shields Up then Test them - both tests then look 
at the great FAQ

or

http://security2.norton.com/sa/1033/sym/sym_intro.asp?j=1&bhcd2=957949319
Norton Internet Security 2000 which I think has a more comprehensive testing 
but not so easy to get at their FAQ

If any such software exists, I have no knowledge of it.

If this is reasonably practicable to create, I might think that it should be 
created as a team effort between IBM Rochester & BPs, then distributed for 
free, or at low cost, as part of a marketing effort by AS/400 security 
specialist BPs who are seeking additional customers or more consulting & 
developing opportunities.

The CD Rom session might include linked access to web sites for accessing a 
directory of AS/400 security consultants that serve your geographic area if 
the executive's newly gained understanding leads to a conclusion that our 
site needs help, or a computer audit more intrusive than this introductory CD 
Rom perspective.

I have several power users who can function in a help desk role.  They are 
trusted with a level of access that is considerably below that of security 
officer, but they do have some system operator type access & training so that 
they can view what the situation is with some user who got in trouble.

One of my power users pointed out to me what he thought was an extremely 
useful query I had created (which lists customer orders with errors in our 
pricing) that seemed to him to be under-utilized, and was asking how people 
are expected to find out about additions to our collection of tools (I had 
added this one while he was on vacation).  I showed him how to use WRKOBJ on 
any specific *QRYDFN to see when was the last time an individual query was 
actually used & how many days of usage has it had since it was created on our 
current box (upgrades lose some accumulated statistics).

I am tempted to put that in a CL on a menu so folks do not have to remember 
what all to key in to get at it ... just the name of the query.

Then I noodled around a bit & from DSPOBJD got an *OUTFILE of all our *QRYDFN 
so now we can run a query of our queries to see which are being used heavily 
& which are not being used at all.  Ditto for all our *PGM CL in *LIBL 
excluding IBM QSYS variety ... ie. the kind of stuff that ordinarily is on 
SOME MENU some place, but out of sight out of mind when most people only use 
a small handful of different menus.

My interest in this is identification of wasted disk space (I keep finding 
debris left by the developers), doing a better job of communicating what 
software is available for us to use (sort on text description within software 
category), get a report listing software that was added or changed recently 
(reference list for folks who have had a nice long vacation & should 
management ever want to know what I have been working on), and when we see 
what is underutilized vs. heavily used, we know what types of problems are 
being resolved as part of normal business operations & which are not, which 
relates back to the point my power user was making.

I think it would be really cool, if I could somehow link this to our ERP 
security file logic & generate a report (I think it would have to be RPG 
rather than Query) to show what CAN or cannot be run by various USER IDs on 
this list of all the software objects in our ERP production library list.  
Several versions of this report id.

Directory of our software that we now have, thanks to the DSPOBJD to 
*OUTFILE, with addition of count of # of users who are authorized to run each 
one.

Select any given user id & get report showing all the stuff that person is 
authorized to run.

Select any given program or ranges that is ERP structurally significant, such 
as all the "900" programs of ERP & get list of all the users who are 
authorized to run it.

When my time permits, I may pursue some of these ideas a bit further.

Al Macintyre  ©¿©
+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---
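
The DSPOBJD-to-*OUTFILE usage report described in the message above, together with the list of user IDs that have "extremely global access" it proposes earlier, written out as an added example (not part of the original post and not IBM's or any vendor's code). The library and file names ERPLIB, MYLIB, QRYUSE and USRBASIC are hypothetical, and the column names are those of the IBM model outfiles QADSPOBJ and QADSPUPB as assumed here; confirm them with DSPFFD before relying on the output.

```sql
-- Added example. ERPLIB, MYLIB, QRYUSE and USRBASIC are hypothetical names.
-- Step 1, from a command line (CL), build the two outfiles:
--   DSPOBJD OBJ(ERPLIB/*ALL) OBJTYPE(*QRYDFN) DETAIL(*FULL) +
--           OUTPUT(*OUTFILE) OUTFILE(MYLIB/QRYUSE)
--   DSPUSRPRF USRPRF(*ALL) TYPE(*BASIC) +
--           OUTPUT(*OUTFILE) OUTFILE(MYLIB/USRBASIC)
-- Column names below are assumed from the model outfiles QADSPOBJ and
-- QADSPUPB; check them with DSPFFD on your release.

-- Report 1: every query definition, least used first, largest first
-- within the same usage count (candidates for cleanup or for publicity).
SELECT ODLBNM AS LIB_NAME,
       ODOBNM AS QUERY_NAME,
       ODOBTX AS TEXT_DESC,
       ODCDAT AS CREATED_MMDDYY,
       ODUDAT AS LAST_USED_MMDDYY,      -- blank when never used
       ODUCNT AS DAYS_USED,             -- days used since the count last reset
       ODOBSZ AS SIZE_BYTES,
       CASE WHEN ODUCNT = 0 THEN 'NEVER USED'
            WHEN ODUCNT < 5 THEN 'RARELY USED'   -- threshold is arbitrary
            ELSE 'IN USE'
       END AS USE_CLASS
  FROM MYLIB.QRYUSE
 WHERE ODOBTP = '*QRYDFN'
 ORDER BY ODUCNT, ODOBSZ DESC;

-- Report 2: enabled profiles that hold *ALLOBJ, either directly or through
-- their group profile. Supplemental groups are not covered by this query.
SELECT U.UPUSER AS USER_ID,
       U.UPUSCL AS USER_CLASS,
       U.UPGRPF AS GROUP_PROFILE,
       CASE WHEN U.UPSPAU LIKE '%*ALLOBJ%' THEN 'OWN PROFILE'
            ELSE 'GROUP PROFILE'
       END AS GRANTED_BY
  FROM MYLIB.USRBASIC U
  LEFT JOIN MYLIB.USRBASIC G
    ON G.UPUSER = U.UPGRPF
 WHERE U.UPSTAT = '*ENABLED'
   AND (U.UPSPAU LIKE '%*ALLOBJ%' OR G.UPSPAU LIKE '%*ALLOBJ%')
 ORDER BY U.UPUSER;
```

Both statements only read the outfiles, so they can be given to help desk users who have no authority to the profiles or objects themselves.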


This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].