- Make sure the system is running at security level 40.
- Reduce the number of users that have *ALLOBJ special authority to only those users that require it for the job functions -- in other words, system administrators or security officers (notice I did not include operators or programmers in this list!).
- Use object-level security to secure files containing private or sensitive data. Object-level security is the only authorization method that is always in effect, no matter what interface is used to access the object (files).
If you want to understand the current state of your security configuration, I suggest that you look into my company's risk assessment product -- SkyView Risk Assessor for OS/400 and i5/OS, which describes each issue, explains why it's an issue and helps you get started remediating the issues.
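
As an added example (not part of the original answer or of any product mentioned in it), the CL program below checks the three items in the list above. The library PAYLIB and file EMPMAST are hypothetical placeholders for a library and file that hold sensitive data.

```cl
/* Added example: audit the three checklist items.                   */
/* PAYLIB and EMPMAST are hypothetical names; substitute your own.   */
PGM
  DCL VAR(&QSEC) TYPE(*CHAR) LEN(2)

  /* 1. Security level: QSECURITY should be 40 or higher.            */
  RTVSYSVAL SYSVAL(QSECURITY) RTNVAR(&QSEC)
  IF COND(&QSEC *LT '40') THEN(SNDPGMMSG +
       MSG('QSECURITY is ' *CAT &QSEC *CAT ', below level 40'))

  /* 2. Report every profile that has *ALLOBJ special authority.     */
  /*    Review the report for group profiles too: members of a       */
  /*    group inherit the group's special authorities.               */
  PRTUSRPRF TYPE(*AUTINFO) SELECT(*SPCAUT) SPCAUT(*ALLOBJ)

  /* 3. Object-level security on the sensitive library.              */
  /*    List files whose *PUBLIC authority is not *EXCLUDE ...       */
  PRTPUBAUT OBJTYPE(*FILE) LIB(PAYLIB)
  /*    ... and print the full authority list for one file.          */
  DSPOBJAUT OBJ(PAYLIB/EMPMAST) OBJTYPE(*FILE) OUTPUT(*PRINT)
ENDPGM
```

The three reports go to spooled files for review. If the security level has to be raised with CHGSYSVAL, the new QSECURITY value takes effect at the next IPL.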