I would set things up via authority lists and secure the objects in question
by group profile / supplemental group profile.
There's a couple of good reasons for doing things this way.
First, this method allows you to add / delete employees user profiles to
objects via the group / supplemental profile as they join, leave ro transfer
within the company. You would only have to be concered with object ownership
before deleting a user profile.
Second, in the vent of a crash, even with SAVSECDTA tapes / RSTAUT commands,
individual authority is not restored to objects upon restore.
Authority list authority is restored.

You may also want to check out WWW.KISCO.COM
They're a pretty good AS/400 security firm.




Michael Mayer - CMA Consulting.
700 Troy-Schenectady Road
Latham, New York 12110
AS400 Administrator - NJ State WIC Program.
518.783.9003 - Office
518.429.2235 - Direct
518.783.5093 - FAX
MMayer@xxxxxxx
http://www.cma.com





-----Original Message-----
From: CWilt@xxxxxxxxxxxx [mailto:CWilt@xxxxxxxxxxxx]
Sent: Friday, May 14, 2004 9:44 AM
To: security400@xxxxxxxxxxxx
Subject: RE: [Security400] Documenting / Managing iSeries security


Chuck,

I'd looked at Powertech, didn't look like it offered what I'm interested in.

NetIQ Security Solutions for iSeries ( formally Pentasafe :-) may have
something useful.  Specifically, the PSSecure module, which offers: 

Securely manages user activity on the system. 
PSSecure governs what a user can do while on the system by enhancing object
level security. 

Object Authority Management (OAM). 
Take advantage of iSeries robust object-level security by creating templates
for appropriate authority settings of objects (including the owner of the
object). PSSecure will identify objects that do not comply with your
templates and can automatically bring them back into compliance.


Though I'm not sure it does what I'm looking for.  I'm not looking for
security exit-program management;  I simply don't need the granularity at
this time.  

Heck I'm not sure exactly what I'm looking for.  It just seems that there
ought to be a better way than a huge, confusing, Excel spreadsheet to set up
OS/400 object level security for our home-grown app.  Some easier way to
define what we want it to be.  It would be a bonus if the application that
helps define what we want also ensures that it happens.

Charles

> -----Original Message-----
> From: Chuck Lewis [mailto:clewis@xxxxxxxxxx]
> Sent: Thursday, May 13, 2004 4:28 PM
> To: 'Security Administration on the AS400 / iSeries'
> Subject: RE: [Security400] Documenting / Managing iSeries security
> 
> 
> Charles,
> 
> Sounds like fun ;-)
> 
> I went the opposite way that you did, from big company to 
> smaller a few
> years back (now thinking about going back the other way <G>).
> 
> One that come to mind is PentaSafe, www.pentasafe.com
> 
> Another is Powertech, www.powertech.com
> 
> There is also the security tools that are on the AS/400. Have 
> you taken a
> look at those ?
> 
> Good luck.
> 
> Chuck
> 
> 
> 
> -----Original Message-----
> From: security400-bounces@xxxxxxxxxxxx
> [mailto:security400-bounces@xxxxxxxxxxxx] On Behalf Of 
> CWilt@xxxxxxxxxxxx
> Sent: Thursday, May 13, 2004 2:25 PM
> To: security400@xxxxxxxxxxxx
> Subject: [Security400] Documenting / Managing iSeries security
> 
> I'm beginning to take the first steps toward securing our home grown
> application.
> 
> How do you document / manage security?  Working at larger 
> company is new for
> me.  A paper-based or even Excel-based matrix is going to 
> quickly become
> unwieldy.
> 
> At minimum, I'm thinking I need some programs that use 
> commands and/or APIs
> to populate some data files along with a front end that 
> allows some drill
> down capabilities.
> 
> At maximum, I'm thinking I need a whole new application to 
> maintain the
> security data files.  When changes are made via the application, the
> appropriate OS/400 security command would be invoked to 
> actually change the
> security in use.
> 
> 
> Are there any tools out there for this task?  iSeries 
> specific would be
> nice, but even non-iSeries may be useful.  Even links to 
> documents or web
> sites discussing the task would be helpful.  I've done some 
> googling trying
> to find something, but so far have failed to turn up anything useful.
> 
> 
> Should I just start rolling my own?
> 
> 
> Thanks,
> Charles Wilt
>    
> 
> 
> 
> _______________________________________________
> This is the Security Administration on the AS400 / iSeries 
> (Security400) mailing list
> To post a message email: Security400@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/security400
> or email: Security400-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/security400.
> 
_______________________________________________
This is the Security Administration on the AS400 / iSeries (Security400)
mailing list
To post a message email: Security400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/security400
or email: Security400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/security400.

As an Amazon Associate we earn from qualifying purchases.

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2022 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.