Working with OpsNav's security-related functions
From Roger Pence's AS/400 Letter on Windows, Workgroups and the Web, June 5, 2000. Provided courtesy of The 400 Group.
Operations Navigator provides so many AS/400 functions it's easy to overlook its bounty. This article drills into some of the easily missed, but valuable security-related features that OpsNav offers. It's important to remember that OpsNav obeys OS/400-imposed authorities and security; thus to be able to perform the following functions, you must be signed on to the AS/400 through OpsNav with a user profile with appropriate authorities.
OpsNav provides a handy security wizard that, after asking you several questions about your AS/400 environment, suggests, and optionally, makes changes to your AS/400 security configuration.
Be patient running the Security Wizard; many panels are displayed and many questions are asked. Keep an eye open for this especially handy feature the wizard offers: Near the end of its questions, it will ask if you want to schedule regular recurring security reports (one a week or once a month). Answer yes to this and look at these reports occasionally. This is a good way to stay current with a seemingly ever-changing AS/400.
After the wizard has run, it provides a full report of its suggested changes. Be sure to review all the Security Wizard's options before blindly accepting its changes. You may want to simply print its report out and make some of its suggested changes manually.
Although OpsNav's Security Wizard won't impose its suggested changes unless you explicitly tell it to, some administrators are loathe to use it. If you'd rather use a read-only version of the Security Wizard, check out the AS/400's online Security Wizard at http://www.as400.ibm.com/tstudio/secure1/index_av.htm
Working with users and groups
OpsNav lets you visually work with users and groups. You can create, change or delete AS/400 user and group profiles. Use OpsNav's access OpsNav's Users and Groups node to work with user and group profiles.
The dialogs OpsNav presents to work with users and groups are rationally laid out and require little use of the online help to use them appropriately. However, hidden features lurk that you shouldn't miss. For example, you can use drag and drop from within OpsNav to copy users and groups from one AS/400 in OpsNav to another. It's these kinds of OpsNav user interface enhancements that go above and beyond anything the green screen offers -- they really reveal the true OpsNav's payload. Be aware that when you duplicate user profiles, either from system to system or within a single system, that the user profile password is encrypted internally on each system. Therefore, duplicating the password from a user profile is not performed. For duplicated profiles, the user will need to change the password at the next logon.
OpsNav provides an effective, interactive way to work with both system and audit policies. Access these functions through OpsNav's security primary node. These features let you administer the audit and security-related system values for your AS/400.
Before you go hog wild with the audit facilities, be sure you fully understand the impact on your system that the required journal receivers may have. They can grow quite large.
Full details on these many other OpsNav features can be found in the new OpsNav redbook at http://www.redbooks.ibm.com/abstracts/sg245646.html
This was first published in June 2000