It's a big task. I did this in a shop with 7 AS/400's along with thousands
of users several years back.
I also did it in a shop where there had been no security for 20 years on a
very large AS/400 that ran 24 x 7 x 365 without disturbing the business. The
users had always dictated what IT did in this particular place. The politics
was more difficult than the implementation. The planning was also very time
consuming, especially the naming convention standards ....
If I can help you in any way via email exchanges, let me know .... 

Michael Mayer - CMA Consulting.
700 Troy-Schenectady Road
Latham, New York 12110
AS400 Administrator - NJ State WIC Program.
518.783.9003 - Office
518.429.2235 - Direct
518.783.5093 - FAX
MMayer@xxxxxxx
http://www.cma.com





-----Original Message-----
From: CWilt@xxxxxxxxxxxx [mailto:CWilt@xxxxxxxxxxxx]
Sent: Friday, May 14, 2004 10:32 AM
To: security400@xxxxxxxxxxxx
Subject: RE: [Security400] Documenting / Managing iSeries security


Michael,

Using authorization lists along with primary group and supplemental group
profiles is exactly what I intend to do.

It's just I have 8,500 objects and 387 user profiles.

I'd like an easier to use method of documenting and/or managing the design;
which authorization lists control which objects, which groups are on which
lists, and which users are in which groups.

Charles

> -----Original Message-----
> From: Mayer, Michael (CMA Consulting) [mailto:mmayer@xxxxxxx]
> Sent: Friday, May 14, 2004 9:52 AM
> To: 'Security Administration on the AS400 / iSeries'
> Subject: RE: [Security400] Documenting / Managing iSeries security
> 
> 
> I would set things up via authority lists and secure the 
> objects in question
> by group profile / supplemental group profile.
> There's a couple of good reasons for doing things this way.
> First, this method allows you to add / delete employees user 
> profiles to
> objects via the group / supplemental profile as they join, 
> leave ro transfer
> within the company. You would only have to be concered with 
> object ownership
> before deleting a user profile.
> Second, in the vent of a crash, even with SAVSECDTA tapes / 
> RSTAUT commands,
> individual authority is not restored to objects upon restore.
> Authority list authority is restored.
> 
> You may also want to check out WWW.KISCO.COM
> They're a pretty good AS/400 security firm.
> 
> 
> 
> 
> Michael Mayer - CMA Consulting.
> 700 Troy-Schenectady Road
> Latham, New York 12110
> AS400 Administrator - NJ State WIC Program.
> 518.783.9003 - Office
> 518.429.2235 - Direct
> 518.783.5093 - FAX
> MMayer@xxxxxxx
> http://www.cma.com
> 
> 
> 
> 
> 
_______________________________________________
This is the Security Administration on the AS400 / iSeries (Security400)
mailing list
To post a message email: Security400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/security400
or email: Security400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/security400.

As an Amazon Associate we earn from qualifying purchases.

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2022 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.