
Guidelines for preventing access to commands and duplication of objects

On AS/400, setting object-level security on the data properly should be your first line of defense. Appendixes C and D in the IBM i security reference manual provide IBM's recommendations for which commands should be set to *PUBLIC *EXCLUDE, as well as a list of CL commands and the authorities required to run them.

Multi-part question:

1. What are the recommendations for commands that should be *Public *Exclude?

2. The current example is the command CRTDUPOBJ, which is *Public *Use, but few users have command line authority to run the command. For those who do have command line, are there other authorities required to create a duplicate object?

In Appendix C of the System i Security Reference manual (PDF) you'll see a list of the commands that IBM ships with *PUBLIC authority set to *EXCLUDE. This is a good place to start. Then in Appendix D in the same manual, you'll see all of the CL commands listed along with the authority required to run them. Ensuring that the data's object-level security has been set properly should be your first line of defense (rather than focusing on securing commands). For example, if users don't have authority to the file, they won't be able to duplicate it.

This was last published in December 2008
