Michael, Using authorization lists along with primary group and supplemental group profiles is exactly what I intend to do. It's just I have 8,500 objects and 387 user profiles. I'd like an easier to use method of documenting and/or managing the design; which authorization lists control which objects, which groups are on which lists, and which users are in which groups. Charles > -----Original Message----- > From: Mayer, Michael (CMA Consulting) [mailto:mmayer@xxxxxxx] > Sent: Friday, May 14, 2004 9:52 AM > To: 'Security Administration on the AS400 / iSeries' > Subject: RE: [Security400] Documenting / Managing iSeries security > > > I would set things up via authority lists and secure the > objects in question > by group profile / supplemental group profile. > There's a couple of good reasons for doing things this way. > First, this method allows you to add / delete employees user > profiles to > objects via the group / supplemental profile as they join, > leave ro transfer > within the company. You would only have to be concered with > object ownership > before deleting a user profile. > Second, in the vent of a crash, even with SAVSECDTA tapes / > RSTAUT commands, > individual authority is not restored to objects upon restore. > Authority list authority is restored. > > You may also want to check out WWW.KISCO.COM > They're a pretty good AS/400 security firm. > > > > > Michael Mayer - CMA Consulting. > 700 Troy-Schenectady Road > Latham, New York 12110 > AS400 Administrator - NJ State WIC Program. > 518.783.9003 - Office > 518.429.2235 - Direct > 518.783.5093 - FAX > MMayer@xxxxxxx > http://www.cma.com > > > > >
As an Amazon Associate we earn from qualifying purchases.
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.