I don't know of a best practice guide, but I can tell you the IFS doesn't support adopted authority.
-----Original Message-----
From: a4g atl [mailto:a4ginatl2@xxxxxxxxx]
Sent: Friday, October 05, 2018 9:08 AM
To: midrange-l@xxxxxxxxxxxx
Subject: Use of adopted profiles
Is there a document that describes how the adopted authority works and maybe best practices? I am reviewing a project to lock the system down and it has been a long time since I last set up a highly secure system.
My plan is to
- revoke all authorities from user libraries, objects and the IFS.
- Grant authority to a group profile.
- The group profile will own all objects.
- Users will have none or limited authority directly.
- When users signon to the menu, the menu program will grant authority whilst using the job. When they sign off, they will have no authority.
Objective:
- Prevent unauthorized access to the system
- There are users on multiple systems accessing this system and its wide open. - Plan to grant authority to objects only where required example read rights to file where a remote system needs to access files to retrieve data and so on.
The same will apply to the IFS.
What are the best practices today? I know some folk don't like this approach but it is one of the cleanest and easiest approaches to implement and maintain.
TIA
Darryl Freinkel
This thread ...
Re: [SUSPECTED SPAM] Use of adopted profiles, (continued)
This mailing list archive is Copyright 1997-2026 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact
[javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
