How do I secure users with what access they have within Operations Navigator?
You have several options – I suggest that you use a combination of all three, if possible:
1. Do a selective install on the desktop. By default, only a limited set of Operations Navigator (now called iSeries Access) functions is installed. You have to consciously choose to install a full set of functions. This is not foolproof, however, because full installations of OpsNav could be obtained from the iSeries if there is a file share to that directory.
2. Use Application Administration. This is a function of OpsNav: click on the system name and, in the Connection Tasks box at the bottom of the window, you'll see Configure Application Administration. This allows you to determine what OpsNav functions users will see on their desktop. This is more or less 'smoke and mirrors', however, because the code (or the functionality) is still installed on the PC. However, the users will not see the functions when they open up the OpsNav functions. It's a pretty effective method for implementing the "out of sight -- out of mind" theory.
3. Implement object security. This will help the situation because users will only be able to perform the functions they are authorized to perform.