I would set things up via authority lists and secure the objects in question by group profile / supplemental group profile. There's a couple of good reasons for doing things this way. First, this method allows you to add / delete employees user profiles to objects via the group / supplemental profile as they join, leave ro transfer within the company. You would only have to be concered with object ownership before deleting a user profile. Second, in the vent of a crash, even with SAVSECDTA tapes / RSTAUT commands, individual authority is not restored to objects upon restore. Authority list authority is restored. You may also want to check out WWW.KISCO.COM They're a pretty good AS/400 security firm. Michael Mayer - CMA Consulting. 700 Troy-Schenectady Road Latham, New York 12110 AS400 Administrator - NJ State WIC Program. 518.783.9003 - Office 518.429.2235 - Direct 518.783.5093 - FAX MMayer@xxxxxxx http://www.cma.com -----Original Message----- From: CWilt@xxxxxxxxxxxx [mailto:CWilt@xxxxxxxxxxxx] Sent: Friday, May 14, 2004 9:44 AM To: security400@xxxxxxxxxxxx Subject: RE: [Security400] Documenting / Managing iSeries security Chuck, I'd looked at Powertech, didn't look like it offered what I'm interested in. NetIQ Security Solutions for iSeries ( formally Pentasafe :-) may have something useful. Specifically, the PSSecure module, which offers: Securely manages user activity on the system. PSSecure governs what a user can do while on the system by enhancing object level security. Object Authority Management (OAM). Take advantage of iSeries robust object-level security by creating templates for appropriate authority settings of objects (including the owner of the object). PSSecure will identify objects that do not comply with your templates and can automatically bring them back into compliance. Though I'm not sure it does what I'm looking for. I'm not looking for security exit-program management; I simply don't need the granularity at this time. Heck I'm not sure exactly what I'm looking for. It just seems that there ought to be a better way than a huge, confusing, Excel spreadsheet to set up OS/400 object level security for our home-grown app. Some easier way to define what we want it to be. It would be a bonus if the application that helps define what we want also ensures that it happens. Charles > -----Original Message----- > From: Chuck Lewis [mailto:clewis@xxxxxxxxxx] > Sent: Thursday, May 13, 2004 4:28 PM > To: 'Security Administration on the AS400 / iSeries' > Subject: RE: [Security400] Documenting / Managing iSeries security > > > Charles, > > Sounds like fun ;-) > > I went the opposite way that you did, from big company to > smaller a few > years back (now thinking about going back the other way <G>). > > One that come to mind is PentaSafe, www.pentasafe.com > > Another is Powertech, www.powertech.com > > There is also the security tools that are on the AS/400. Have > you taken a > look at those ? > > Good luck. > > Chuck > > > > -----Original Message----- > From: security400-bounces@xxxxxxxxxxxx > [mailto:security400-bounces@xxxxxxxxxxxx] On Behalf Of > CWilt@xxxxxxxxxxxx > Sent: Thursday, May 13, 2004 2:25 PM > To: security400@xxxxxxxxxxxx > Subject: [Security400] Documenting / Managing iSeries security > > I'm beginning to take the first steps toward securing our home grown > application. > > How do you document / manage security? Working at larger > company is new for > me. A paper-based or even Excel-based matrix is going to > quickly become > unwieldy. > > At minimum, I'm thinking I need some programs that use > commands and/or APIs > to populate some data files along with a front end that > allows some drill > down capabilities. > > At maximum, I'm thinking I need a whole new application to > maintain the > security data files. When changes are made via the application, the > appropriate OS/400 security command would be invoked to > actually change the > security in use. > > > Are there any tools out there for this task? iSeries > specific would be > nice, but even non-iSeries may be useful. Even links to > documents or web > sites discussing the task would be helpful. I've done some > googling trying > to find something, but so far have failed to turn up anything useful. > > > Should I just start rolling my own? > > > Thanks, > Charles Wilt > > > > > _______________________________________________ > This is the Security Administration on the AS400 / iSeries > (Security400) mailing list > To post a message email: Security400@xxxxxxxxxxxx > To subscribe, unsubscribe, or change list options, > visit: http://lists.midrange.com/mailman/listinfo/security400 > or email: Security400-request@xxxxxxxxxxxx > Before posting, please take a moment to review the archives > at http://archive.midrange.com/security400. > _______________________________________________ This is the Security Administration on the AS400 / iSeries (Security400) mailing list To post a message email: Security400@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/mailman/listinfo/security400 or email: Security400-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/security400.
As an Amazon Associate we earn from qualifying purchases.
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.