Re: Authority Collection

Hello Rob,

Am 21.05.2020 um 13:28 schrieb Rob Berendt <rob@xxxxxxxxx>:

I believe that security is flawed.

Maybe in an IBM i environment. I don't have much experience, yet.

Because when you put users into that group they automatically have total access to that data. They can connect using ODBC and 6,000+ other things and modify the data at will.

Yes, that's what's it all about. Access is access. From my PoV, it's unimportant if an user is navigating via unix shell, connecting via SMB or ftp or whatever to a Linux box. The access rights are obeyed by all services.

If an user is permitted to to a RMVM from CL, delete via FTP, drop table via ODBC doesn't matter much. He *has* the power (most often because he *needs* to change data) and if he abuses that power, there are legal consequences and a backup.

Maybe my Point of View is not applicable in an IBM i context. But honestly, I can't help you then.

Sure, three decades ago one could say they had no command line access and get smirky. But those days are long gone. If they have such access you're now down to playing whack-a-mole with exit point tools, etc.
I think I mentioned that was a path I didn't want to go down.

Sorry, I didn't understand from your initial statements that you considered this way already.

:wq! PoC

PGP-Key: DDD3 4ABF 6413 38DE - https://www.pocnet.net/poc-key.asc