|
That is the very first step for sure .... Michael Mayer - CMA Consulting. 700 Troy-Schenectady Road Latham, New York 12110 AS400 Administrator - NJ State WIC Program. 518.783.9003 - Office 518.429.2235 - Direct 518.783.5093 - FAX MMayer@xxxxxxx http://www.cma.com -----Original Message----- From: CWilt@xxxxxxxxxxxx [mailto:CWilt@xxxxxxxxxxxx] Sent: Friday, May 14, 2004 1:09 PM To: security400@xxxxxxxxxxxx Subject: RE: [Security400] Documenting / Managing iSeries security Michael, Option 2 is what I'm dealing with. First step was to take away *ALLOBJ from most of the 259 users who had it; initially just those who didn't know they had it or what it really meant. The battle to take it away from those who know will be fought a little later ;-) Charles > -----Original Message----- > From: Mayer, Michael (CMA Consulting) [mailto:mmayer@xxxxxxx] > Sent: Friday, May 14, 2004 10:47 AM > To: 'Security Administration on the AS400 / iSeries' > Subject: RE: [Security400] Documenting / Managing iSeries security > > > It's a big task. I did this in a shop with 7 AS/400's along > with thousands > of users several years back. > I also did it in a shop where there had been no security for > 20 years on a > very large AS/400 that ran 24 x 7 x 365 without disturbing > the business. The > users had always dictated what IT did in this particular > place. The politics > was more difficult than the implementation. The planning was > also very time > consuming, especially the naming convention standards .... > If I can help you in any way via email exchanges, let me know .... > > Michael Mayer - CMA Consulting. > 700 Troy-Schenectady Road > Latham, New York 12110 > AS400 Administrator - NJ State WIC Program. > 518.783.9003 - Office > 518.429.2235 - Direct > 518.783.5093 - FAX > MMayer@xxxxxxx > http://www.cma.com > > > > > > -----Original Message----- > From: CWilt@xxxxxxxxxxxx [mailto:CWilt@xxxxxxxxxxxx] > Sent: Friday, May 14, 2004 10:32 AM > To: security400@xxxxxxxxxxxx > Subject: RE: [Security400] Documenting / Managing iSeries security > > > Michael, > > Using authorization lists along with primary group and > supplemental group > profiles is exactly what I intend to do. > > It's just I have 8,500 objects and 387 user profiles. > > I'd like an easier to use method of documenting and/or > managing the design; > which authorization lists control which objects, which groups > are on which > lists, and which users are in which groups. > > Charles > > > -----Original Message----- > > From: Mayer, Michael (CMA Consulting) [mailto:mmayer@xxxxxxx] > > Sent: Friday, May 14, 2004 9:52 AM > > To: 'Security Administration on the AS400 / iSeries' > > Subject: RE: [Security400] Documenting / Managing iSeries security > > > > > > I would set things up via authority lists and secure the > > objects in question > > by group profile / supplemental group profile. > > There's a couple of good reasons for doing things this way. > > First, this method allows you to add / delete employees user > > profiles to > > objects via the group / supplemental profile as they join, > > leave ro transfer > > within the company. You would only have to be concered with > > object ownership > > before deleting a user profile. > > Second, in the vent of a crash, even with SAVSECDTA tapes / > > RSTAUT commands, > > individual authority is not restored to objects upon restore. > > Authority list authority is restored. > > > > You may also want to check out WWW.KISCO.COM > > They're a pretty good AS/400 security firm. > > > > > > > > > > Michael Mayer - CMA Consulting. > > 700 Troy-Schenectady Road > > Latham, New York 12110 > > AS400 Administrator - NJ State WIC Program. > > 518.783.9003 - Office > > 518.429.2235 - Direct > > 518.783.5093 - FAX > > MMayer@xxxxxxx > > http://www.cma.com > > > > > > > > > > > _______________________________________________ > This is the Security Administration on the AS400 / iSeries > (Security400) > mailing list > To post a message email: Security400@xxxxxxxxxxxx > To subscribe, unsubscribe, or change list options, > visit: http://lists.midrange.com/mailman/listinfo/security400 > or email: Security400-request@xxxxxxxxxxxx > Before posting, please take a moment to review the archives > at http://archive.midrange.com/security400. > _______________________________________________ > This is the Security Administration on the AS400 / iSeries > (Security400) mailing list > To post a message email: Security400@xxxxxxxxxxxx > To subscribe, unsubscribe, or change list options, > visit: http://lists.midrange.com/mailman/listinfo/security400 > or email: Security400-request@xxxxxxxxxxxx > Before posting, please take a moment to review the archives > at http://archive.midrange.com/security400. > _______________________________________________ This is the Security Administration on the AS400 / iSeries (Security400) mailing list To post a message email: Security400@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/mailman/listinfo/security400 or email: Security400-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/security400.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.