Thank you! Now, can you tell me what you have as a standard for setting
up the specific authorizations by job?

What I have is the need to have one user, or a group of users, to have
authority to change JUST a command line in one job (JSL-3). In another
case, the user needs to have access to JUST JSL-5. For other JOBS,
specific users need to have authority to do a "DO" to re-run the job. 

What I think I have found to date is the necessity to revoke authority
to ALL jobs under Specific Jobs and then back that authority out item by
item. I would SURE like a more generic method of doing this. Any hope???

Thank you,

Dave

-----Original Message-----
From: security400-bounces+dturnidge=oldrepublictitle.com@xxxxxxxxxxxx
[mailto:security400-bounces+dturnidge=oldrepublictitle.com@xxxxxxxxxxxx]
On Behalf Of Ketzes, Larry
Sent: Tuesday, July 11, 2006 2:15 PM
To: Security Administration on the AS400 / iSeries
Subject: Re: [Security400] Help Systems Robot Schedule...

Sure.  This is the command string I have run every Monday morning that
shows all previous changes to jobs within the parameters I specify here:

RBTDSPAUDL FROMTIME(010906 010000) OMTRBTADMN(*YES) OMTRBTUSR(*YES)
INCUSR(*NO)
OUTPUT(*PRINT)             

Note that we omit any system jobs run by rbtuser or rbtadmin.  We do not
rn jobs run by these profiles.  This report will supply you with a
'before' and 'after' image of the jobs properties.

Larry                                                    

======================

Larry Ketzes
Senior Security Project Analyst
American Life Insurance Company

One ALICO Plaza
600 King Street
Wilmington, DE 19801
Phone: 302-594-2146
Mobile: 302-559-1631

Fax: 302-830-4524


Email: larry.ketzes@xxxxxxx

 


-----Original Message-----
From: security400-bounces@xxxxxxxxxxxx
[mailto:security400-bounces@xxxxxxxxxxxx] On Behalf Of Turnidge, Dave
Sent: Tuesday, July 11, 2006 3:03 PM
To: Security Administration on the AS400 / iSeries
Subject: Re: [Security400] Help Systems Robot Schedule...

OK! I have gotten the update. Can you supply any SOP that you use? 

-----Original Message-----
From: security400-bounces@xxxxxxxxxxxx
[mailto:security400-bounces@xxxxxxxxxxxx] On Behalf Of Ketzes, Larry
Sent: Tuesday, July 11, 2006 12:47 PM
To: Security Administration on the AS400 / iSeries
Subject: Re: [Security400] Help Systems Robot Schedule...

We have had that problem brought up to us by our auditors.  They have
concluded that it is nice to have security around the product, but that
does not actually provide proof that nothing has changed in the job.  I
asked Help Systems to assist with this proof, and they tweaked the
auditing capability of their Schedule.  If you go into the Audit Menu
(opt 7), then select Display Audit Log (opt 4), you will notice more
parameters to display any changes to a Robot Job.  I actually worked
with Help Systems on this and we now generate a report every week
showing any changes in ANY way to a Job Schedule Entry.  Our auditors
are very satisfied with this report in conjunction with normal security
of the product.

Larry 

======================

Larry Ketzes
Senior Security Project Analyst
American Life Insurance Company

One ALICO Plaza
600 King Street
Wilmington, DE 19801
Phone: 302-594-2146
Mobile: 302-559-1631

Fax: 302-830-4524


Email: larry.ketzes@xxxxxxx

 


-----Original Message-----
From: security400-bounces@xxxxxxxxxxxx
[mailto:security400-bounces@xxxxxxxxxxxx] On Behalf Of Turnidge, Dave
Sent: Tuesday, July 11, 2006 11:43 AM
To: Security Administration on the AS400 / iSeries
Subject: Re: [Security400] Help Systems Robot Schedule...

Nope - that's not a problem. They are STILL fantastic to work with.
Robot has a very tight security setup. There is only one problem that I
wish was resolved, and that is that you can't use secondary groups in
their security scenario. This is acknowledged, and may be taken care of
with release 10.

I'm just wondering what settings others have used in the real world. I
have a plan...which is supposed to be put into effect today. But I am a
believer in the "multitude of counsel".

Thanks for the response... :-) 

-----Original Message-----
From: security400-bounces@xxxxxxxxxxxx
[mailto:security400-bounces@xxxxxxxxxxxx] On Behalf Of Chuck Lewis
Sent: Tuesday, July 11, 2006 10:42 AM
To: 'Security Administration on the AS400 / iSeries'
Subject: Re: [Security400] Help Systems Robot Schedule...

Dave,

Hate to hear that (Help Systems answer) because I have always found them
to be fantastic to work with. Did they acknowledge this issue or say it
wasn't one, etc. ?

And I guess I don't really understand why programmers and help desk
folks would be using Robot Schedule? I too have used Robot Schedule
going back to the S/38 days at several different companies and we always
tightly controlled access to Robot Schedule (?).

Chuck

-----Original Message-----
From: security400-bounces@xxxxxxxxxxxx
[mailto:security400-bounces@xxxxxxxxxxxx] On Behalf Of Turnidge, Dave
Sent: Thursday, July 06, 2006 11:40 AM
To: Security Administration on the AS400 / iSeries
Subject: [Security400] Help Systems Robot Schedule...

We have been using Help Systems Robot Schedule for many years. But,
along came SOX and interrupted our tranquil life. Now I need to set up
Robot so that programmers and help desk personnel don't have access to
the jobs, and yet, can get their jobs done.

Primarily, this is because the profile being used by a job may have
(probably has) more authority than the person doing maintenance to the
job. That means that a person could add a command to the job to do
something nefarious - like deleting all the libraries - or something
like that.

I am wondering if anyone else has already gone through this exercise and
can give some guidelines that they ended up following. I have called
Help Systems, and they don't have anything more than their manual, as
far a instructions or methods go.

Thank you,

Dave

_______________________________________________
This is the Security Administration on the AS400 / iSeries (Security400)
mailing list To post a message email: Security400@xxxxxxxxxxxx To
subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/security400
or email: Security400-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at
http://archive.midrange.com/security400.


_______________________________________________
This is the Security Administration on the AS400 / iSeries (Security400)
mailing list To post a message email: Security400@xxxxxxxxxxxx To
subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/security400
or email: Security400-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at
http://archive.midrange.com/security400.
_______________________________________________
This is the Security Administration on the AS400 / iSeries (Security400)
mailing list To post a message email: Security400@xxxxxxxxxxxx To
subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/security400
or email: Security400-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at
http://archive.midrange.com/security400.


_______________________________________________
This is the Security Administration on the AS400 / iSeries (Security400)
mailing list To post a message email: Security400@xxxxxxxxxxxx To
subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/security400
or email: Security400-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at
http://archive.midrange.com/security400.
_______________________________________________
This is the Security Administration on the AS400 / iSeries (Security400)
mailing list To post a message email: Security400@xxxxxxxxxxxx To
subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/security400
or email: Security400-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at
http://archive.midrange.com/security400.



As an Amazon Associate we earn from qualifying purchases.

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2021 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.