
	Home > Ask the AS/400 Experts > iSeries Security Questions & Answers > Granting OS/400 users special authorities

Ask The iSeries 400 Expert: Questions & Answers

EMAIL THIS

Granting OS/400 users special authorities

EXPERT RESPONSE FROM: Carol Woodbury

		Pose a Question

		Other iSeries 400 Categories

		Meet all iSeries 400 Experts
		Become an Expert for this site

Digg This!

StumbleUpon

Del.icio.us

QUESTION POSED ON: 10 February 2005
I remember the old VAX/VMS operating system that allowed us to give an individual certain "types" of security -- for instance, the authority to work with and to manage job queues. VMS had predefined authority items and associated them with their corresponding operating system command. In the example, the user would be able to issue any job queue command if they had the "job queue type" of authority granted to their user ID.

Is there a similar way on OS/400 that we can grant specific security options to a person or group that allows only them the authority to fully manage a specific type of task?

We would define different areas that need security, such as job queues, working with all FTP functions, working with WebSphere jobs, etc.

Right now, we just depend on the person having security officer authority and that is always difficult to maintain for several users.

In OS/400 there's the concept of special authorities that gives the user (or group) the ability to perform some function, such as *JOBCTL which gives the user authority to manage other users' jobs. However, the special authorities are predefined and you cannot create your own or customize the existing ones. There is also the concept of a group profile. Make users members of the group profile and give the group authority to access objects (files or libraries) and assign the group capabilities, and all of the members "inherit" the authority and capabilities from the group. This is how role-based access is implemented in OS/400. Define the roles, create a group for each role and based on the tasks the role must perform, grant the group the appropriate authorities and capabilities required for the tasks.

Finally there is the concept of an authorization list that allows you to quickly and easily manage a set of objects that all need the same authority.

For more details on these concepts you can check the iSeries Security Reference manual available as a .PDF from the IBM Information Center. The concepts are also explained and practical examples given in my book, Experts' Guide to OS/400 and i5/OS Security.

==================================
MORE INFORMATION ON THIS TOPIC
==================================

The Best Web Links: tips, tutorials and more.

Search400's targeted search engine: Get relevant information on security.

Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.

Check out this Search400.com Featured Topic: Top ten security tips

Visit the ITKnowledge Exchange and get answers to your security questions fast.

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	iSeries Security
	Changing password security levels and upgrading operating systems on the IBM i
	Determine the value of parameter UPPWEI in the DSPUSRPRF field
	Define journal code value "K"
	Modify content within a journal receiver file
	Change password parameters on the AS/400 without deactivating user's passwords
	Prevent insiders with READ or USE access from circumventing object authority on IBM i
	Prevent insiders from obtaining user ids and passwords on the IBM i
	Change the IBM i system to allow only certain types of SSL protocol versions
	Authorize a specific user to select files in a separate library
	Allow a user to view a library prod without granting full access to all data

i5/OS

Recovering from DST QSECOFR password disablement on V5R4

Checking if a local port is used by another job on AS/400

How to: Configure a backup schedule between partitions on HMC

Enhancements in the intrusion detection system for i5/OS V6R1

The enhanced DB2 inside i5/OS V6R1

New password-control security features for i5/OS V6R1

Is i5/OS V6R1 in your System i shop's future

New i5/OS features announced as anticipation mounts

Using indexes on DB2 for i5/OS to improve performance

IBM previews new version of i5/OS for System i

i5/OS Research

iSeries system and application security

Developing a security incident response system for System i

Setting up security for programmers on IBM i

Blocking AS/400 DB2 users

Trouble accessing IFS path from Win2k3 server

Checking in on your IBM i authorization lists

Strategies for securing IBM i production files

Changing password security levels and upgrading operating systems on the IBM i

Determine the value of parameter UPPWEI in the DSPUSRPRF field

Define journal code value "K"

Modify content within a journal receiver file

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

AS/400 (Search400.com)

i5/OS (Search400.com)

iSeries (Search400.com)

OS/400 (Search400.com)

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

iSeries Networking - Printing, Remote Access, TCP/IP

SEARCH

TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 1999 - 2009, TechTarget \| Read our Privacy Policy