I may ramble on this one but I am struggling with some ways to properly secure things within WAS and WPS. Right now I am working with WAS 6 (ND) and WPS (18.104.22.168).

My first beef tends to be that within WAS it takes a high degree of authority to allow someone to run the HTTP Admin Client - I am not aware of any way to allow someone access to it but limit what they can do. For example, I want operators and sometimes even developers to have the ability to take servers up or down and even make some changes. My problem is that I feel that certain things should not be open - there should be some control on configurations. And then if they have to have *IOSYSCFG or other access I struggle with that. It is such a hassle to allow that, and while I hate my auditors (if they would ever evaluate things from a business cost/benefit vs. security standpoint and if they would ever help solve a problem then I might like them), I have to agree with their assessments about the impact of such a special authority.

And then I have an issue between production, development, and test servers/instances. So it makes sense for someone to have more control in a test server instance than in a production instance. I can't figure out how to mete out this authority.

My second beef is how to secure the IFS structure for these products. I am constantly getting requests for write or existence access to a number of objects, and with the directory structure of these products they can exist all over the place. I don't want to give the carte blanche type of access but I can't have them restricted all the time either.

Has anyone spent any time trying to create a granular security environment for WAS and had any success?

Michael Crump
Manager, Computing Services
Saint-Gobain Containers
1509 S. Macedonia Ave.
Muncie, IN 47302
(765)741-7696
(765)741-7012 f
(800)428-8642

"The probability that we may fail in the struggle ought not to deter us from the support of a cause we believe to be just"
Abraham Lincoln