Are my objects really secured?
I come from OS/390 environment. I have recently been assigned to the ISeries system. When reviewing the security of my objects, through WRKOBJ display authority, I see that the objects are not secured by an authorization list and PUBLIC has full access. Our security guy, however, says that the objects are secured from the authorization lists. When checking the authorization lists, I found out that the authorization lists are securing the library that my objects are in.
Basically, what I asking is are my objects really secured, and shouldn't I remove the PUBLIC access from the all objects?
Not necessary - to get to the objects within a library (or a directory) you have to have authority to the library (or directory) itself. So if *PUBLIC authority to the authorization list is *EXCLUDE or various users or groups have been given *EXCLUDE authority to the authorization list and the authorization list secures the library, then they will not be able to get to the objects within the library. You should be able to easily prove this for yourself. Create a user that looks like a user that shouldn't be getting at those objects. Try to perform some operation on one of those files - open it or display its authority. If the authorities are set up as you have indicated, you should receive a "not authorized" message.
MORE INFORMATION ON THIS TOPIC
The Best Web Links: Tips, tutorials and more.
Search400.com's targeted search engine: Get relevant information on security.
Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.
Read this Search400.com Featured Topic: Secure your iSeries
Dig Deeper on iSeries system and application security
Related Q&A from Carol Woodbury
Before changing password levels and upgrading operating systems on the AS/400, ensure the clients connecting to the NetServer do not need the old ... Continue Reading
Look in the audit journal (QAUDJRN) on the AS/400 for an authority failure message with the name of the library as the object name. Use the ... Continue Reading
The UPPWEI field corresponds to the password expiration interval field, and its values "0" and "-1" represent the *SYSVAL and *NOXMAX commands. Continue Reading