
	Home > Ask the AS/400 Experts > iSeries Security Questions & Answers > User authority: How much is too much?

Ask The iSeries 400 Expert: Questions & Answers

EMAIL THIS

User authority: How much is too much?

EXPERT RESPONSE FROM: Carol Woodbury

		Pose a Question

		Other iSeries 400 Categories

		Meet all iSeries 400 Experts
		Become an Expert for this site

Digg This!

StumbleUpon

Del.icio.us

QUESTION POSED ON: 01 October 2002
My 400 shop is at security level 30. I would like to change my operators profile to include *iosyscfg, *jobctl, *savsys, and *secadm. I want my operators to be able to look at joblogs. Shouldn't *jobctl give them this ability? I am still running into "not authorized to view" errors.

Users can see and work with spooled files based on how the output queue was created as well as whether they have *JOBCTL or *SPLCTL special authority. *SPLCTL is the equivalent of *ALLOBJ only for spooled files. They can work with all spooled files on the system -- not usually the scope most organizations want to give their operators. To understand how *JOBCTL works with the outq attributes, check out the iSeries Security Reference manual, Chapter 6 or my book Implementing AS/400 Security - Chapter 6. Both books have a table that explains the settings. Use the OS/400 command Print Queue Authority (PRTQAUT) command to list the outqs and their security attributes.

One last thing. Do you realize the power you are giving your Operators? If you do and it's the business decision that you are making, that's fine. Giving Operators *IOSYSCFG gives them the capability to configure all aspects of communications, including changing the configuration of TCP/IP servers, etc. Giving them *SECADM gives them the capability to create user profiles and then manage those profiles.

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	iSeries physical security
	Security considerations for IBM i backups
	Time for a security checkup for your i
	Recovering your AS/400 security configuration
	A guide to System i security, part 2: Landing and establishing access
	A guide to System i security: Descending into the heart of darkness of IT security
	Learning guide: Steps to a secure System i
	Securing printed output
	12 security tips in 12 minutes
	Are all of your System i (iSeries) doors closed? -- part 1
	Can you trust all those trigger programs?

iSeries system and application security

Developing a security incident response system for System i

Setting up security for programmers on IBM i

Blocking AS/400 DB2 users

Trouble accessing IFS path from Win2k3 server

Checking in on your IBM i authorization lists

Strategies for securing IBM i production files

Changing password security levels and upgrading operating systems on the IBM i

Determine the value of parameter UPPWEI in the DSPUSRPRF field

Define journal code value "K"

Modify content within a journal receiver file

iSeries Security

Changing password security levels and upgrading operating systems on the IBM i

Determine the value of parameter UPPWEI in the DSPUSRPRF field

Define journal code value "K"

Modify content within a journal receiver file

Change password parameters on the AS/400 without deactivating user's passwords

Prevent insiders with *READ or *USE access from circumventing object authority on IBM i

Prevent insiders from obtaining user ids and passwords on the IBM i

Change the IBM i system to allow only certain types of SSL protocol versions

Authorize a specific user to select files in a separate library

Allow a user to view a library prod without granting full access to all data

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

midrange (Search400.com)

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

iSeries Networking - Printing, Remote Access, TCP/IP

SEARCH

TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 1999 - 2009, TechTarget \| Read our Privacy Policy