The issue with moving to security level 40 from level 20 is that you have to
determine how users are going to get access to application objects. At
security level 20, users, by default, are created with *ALLOBJ special
authority. That means that they have access to every object on the system.
When you IPL the system from 20 to 30, 40 or 50, *ALLOBJ is stripped away
from all users not in the *SECOFR user class. So you will have to
accommodate the loss of *ALLOBJ. This is typically a much bigger challenge
than moving to security level 40, which is pretty straightforward.
Once you've figured out how to get off of level 20, I'd make the extra effort
(which isn't much) and go right for security level 40. You can't guarantee
security or operating system integrity unless you're at that level or
higher. I've documented the steps to move to level 40 in an MCPressonline
Security Patrol article entitled "Why aren't all systems at security level
40 or 50?"
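
An inventory of the profiles affected by the *ALLOBJ change described above, as an added example that is not part of the original answer. It assumes an IBM i release that provides the QSYS2.USER_INFO SQL service (not mentioned in the answer) and that the query is run by a user authorized to see all profiles.

```sql
-- Added example: list profiles that hold *ALLOBJ today but are not in the
-- *SECOFR user class. Per the answer above, these are the profiles that
-- lose *ALLOBJ at the IPL from level 20 to 30, 40 or 50.
-- Assumption: QSYS2.USER_INFO is available on this release.
SELECT u.AUTHORIZATION_NAME,      -- user profile name
       u.USER_CLASS_NAME,         -- *USER, *PGMR, *SYSOPR, *SECADM, ...
       u.STATUS,                  -- *ENABLED / *DISABLED
       u.GROUP_PROFILE_NAME,      -- group whose authorities the user also gets
       u.PREVIOUS_SIGNON,         -- helps separate active users from stale ones
       u.SPECIAL_AUTHORITIES
FROM   QSYS2.USER_INFO u
WHERE  u.SPECIAL_AUTHORITIES LIKE '%*ALLOBJ%'
  AND  u.USER_CLASS_NAME <> '*SECOFR'
ORDER  BY u.USER_CLASS_NAME, u.AUTHORIZATION_NAME;

-- Size of the problem per user class: how many profiles need a replacement
-- access path to application objects before the change.
SELECT u.USER_CLASS_NAME,
       COUNT(*) AS PROFILES_LOSING_ALLOBJ
FROM   QSYS2.USER_INFO u
WHERE  u.SPECIAL_AUTHORITIES LIKE '%*ALLOBJ%'
  AND  u.USER_CLASS_NAME <> '*SECOFR'
GROUP  BY u.USER_CLASS_NAME
ORDER  BY PROFILES_LOSING_ALLOBJ DESC;
```

Each profile in the first result needs its access to application objects worked out before the IPL, since it will no longer have access to every object on the system afterward.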