Michael,

Using authorization lists along with primary group and supplemental group
profiles is exactly what I intend to do.

It's just I have 8,500 objects and 387 user profiles.

I'd like an easier to use method of documenting and/or managing the design;
which authorization lists control which objects, which groups are on which
lists, and which users are in which groups.

Charles

> -----Original Message-----
> From: Mayer, Michael (CMA Consulting) [mailto:mmayer@xxxxxxx]
> Sent: Friday, May 14, 2004 9:52 AM
> To: 'Security Administration on the AS400 / iSeries'
> Subject: RE: [Security400] Documenting / Managing iSeries security
> 
> 
> I would set things up via authority lists and secure the 
> objects in question
> by group profile / supplemental group profile.
> There's a couple of good reasons for doing things this way.
> First, this method allows you to add / delete employees user 
> profiles to
> objects via the group / supplemental profile as they join, 
> leave ro transfer
> within the company. You would only have to be concered with 
> object ownership
> before deleting a user profile.
> Second, in the vent of a crash, even with SAVSECDTA tapes / 
> RSTAUT commands,
> individual authority is not restored to objects upon restore.
> Authority list authority is restored.
> 
> You may also want to check out WWW.KISCO.COM
> They're a pretty good AS/400 security firm.
> 
> 
> 
> 
> Michael Mayer - CMA Consulting.
> 700 Troy-Schenectady Road
> Latham, New York 12110
> AS400 Administrator - NJ State WIC Program.
> 518.783.9003 - Office
> 518.429.2235 - Direct
> 518.783.5093 - FAX
> MMayer@xxxxxxx
> http://www.cma.com
> 
> 
> 
> 
> 

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2022 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.