Q

How much authority should programmers have?

What has been your opinion and experience in giving programmers access to production libraries to fix critical

production problems? Is this acceptable, and would this pass an IT audit? Should programmers be able to invoke this application themselves to grant themselves additional authority? Would this pass a typical IT audit?

Scenario: At our company, programmers have *USE authority to production libraries. We have a procedure in place, to give additional authority to programmers when needed to fix critical problems. The programmer calls our operations department, and request temporary *ALLOBJ access. The operator will invoke an in-house application, from a menu, and record "why" the programmer needed the access, put in the programmer's user I.D. etc. (in the background, *ALLOBJ is added to the programmer's user profile, auditing is invoked, and a time limit is set on when to expire this access, etc.). Also, an audit report is generated with log of the programmer's activity; the security administrator for abuse can then review this audit log. Our application managers would like to see programmers have the capability to give themselves the *ALLOBJ access via our application and menu option, instead of having to call operations. Please refer to my earlier questions.


I believe that you want to keep your current implementation. That way you have a clear and separate path to programmers' obtaining *ALLOBJ special authority. This method I believe should pass an audit. You will have a much more difficult time getting the proposed method through an audit.

==================================
MORE INFORMATION ON THIS TOPIC
==================================

The Best Web Links: Tips, tutorials and more.

Search400's targeted search engine: Get relevant information on security.

Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.

Read this Search400 Featured Topic: Secure your iSeries


This was first published in May 2002

Dig deeper on iSeries system and application security

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchEnterpriseLinux

SearchDataCenter

Close