
	Home > Ask the AS/400 Experts > Questions & Answers > Prevent user profiles from gaining unofficial access

Ask The iSeries 400 Expert: Questions & Answers

EMAIL THIS

Prevent user profiles from gaining unofficial access

EXPERT RESPONSE FROM: Carol Woodbury

		Pose a Question

		Other iSeries 400 Categories

		Meet all iSeries 400 Experts
		Become an Expert for this site

QUESTION POSED ON: 12 May 2004
We are currently in the process of reviewing our entire system's security. One of the conundrums we've come across is how to prevent user profiles from gaining "unofficial" access to data (i.e. through a system tool such as DFU or DBU) while still maintaining "official" access (i.e. production end-user applications) to the data they need to update.

The way our security is set up, the user profiles belong to groups, and those groups have *CHANGE access to the libraries and the data within them (through private auth or AUTLs). So, from OS/400's perspective, it does not distinguish between the two types of access, and thus permits both.

Is there a way that we can set up our system that would allow us to distinguish between these two types of access, and thus secure them differently?

OS/400 does not provide "situational" security or access controls. My favorite, and I believe most robust way, to fix this problem is to change the application programs adopt authority. Since the application profile will own the programs and the database files, users will be able to perform all functions but only when they go through the application. Then you set the *PUBLIC authority of the files to *USE or, in your case, give the group profile *USE to the authorization list. This allows users to download the information into Excel spreadsheets or to use Crystal Reports but they cannot update or change the data. Or, if you prefer that they have no access through these interfaces, you can grant the group *EXCLUDE to the authorization list. They will still be able to run the application because they have authority through adopted authority but they will have no access outside of the application.

==================================
MORE INFORMATION ON THIS TOPIC
==================================

The Best Web Links: tips, tutorials and more.

Search400's targeted search engine: Get relevant information on security.

Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.

Check out this Search400.com Featured Topic: Top ten security tips

Digg This!

StumbleUpon

Del.icio.us

RELATED RESOURCES

	2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
	Search Bitpipe.com for the latest white papers and business webcasts
	Whatis.com, the online computer dictionary

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

iSeries Networking - Printing, Remote Access, TCP/IP

SEARCH

TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 1999 - 2009, TechTarget \| Read our Privacy Policy