× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



Our auditors make requests and our Operations team pulls the required data,
usually in an .xlsx format.
Having the same company each year, the requests are 98% the same.
They may ask for something like all the new orders in 10 different days (a
list) and then using that list make random requests for details.

The lists of users is usually 100% lists, but the audit of program changes
is random selection from a list.
We do have to give them the commands and sql that generate any list.
Parts of this are interactive (they ask, OPS generate, they look and ask
for more details.

Lots of documentation of how users are maintained - procedures for request,
approval, execution.

The above avoids having auditors roaming the system.
One area that is separated - is another company does penetration testing
(and that has caused operational problems - they did a guess at service
accounts, matched one, and hit it enough to disable it...(and this was no
easy dictionary attack - I counted over 30,000 profile names attempted...

Jim Franz


-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Paul
Nelson
Sent: Wednesday, September 20, 2017 6:10 PM
To: 'Midrange Systems Technical Discussion' <midrange-l@xxxxxxxxxxxx>
Subject: RE: auditor access

Get in writing exactly what the auditor is wanting to see. Then give her a
ream of paper with that information. She's going to want it on paper
eventually, so cut your audit bill and give her what she wants when she
walks in the door.

Paul Nelson
Cell 708-670-6978
Office 409-267-4027
nelsonp@xxxxxxxxxxxxx


-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Jerry
Draper
Sent: Wednesday, September 20, 2017 3:52 PM
To: Midrange Systems Technical Discussion
Subject: auditor access

Our IBM I system environment is undergoing an external audit.

How can we provide read-only access for the auditor (i.e., with no ability
to execute change, add, or modify)

They need to view users, libraries, jobs, job description etc.

Thanks,

Jerry


--
Jerry Draper, Trilobyte Software Systems, since 1976 IBMi, Network, and
Connectivity Specialists, LAN/WAN/VPN Representing WinTronix, Synapse, HiT,
and others .....
(415) 457-3431 opt-1 . www.trilosoft.com

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe,
or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related questions.

Help support midrange.com by shopping at amazon.com with our affiliate link:
http://amzn.to/2dEadiD


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe,
or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related questions.

Help support midrange.com by shopping at amazon.com with our affiliate link:
http://amzn.to/2dEadiD


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.