Is there a similar way on OS/400 that we can grant specific security options to a person or group that allows only them the authority to fully manage a specific type of task?
We would define different areas that need security, such as job queues, working with all FTP functions, working with WebSphere jobs, etc.
Right now, we just depend on the person having security officer authority and that is always difficult to maintain for several users.
Finally there is the concept of an authorization list that allows you to quickly and easily manage a set of objects that all need the same authority.
For more details on these concepts you can check the iSeries Security Reference manual available as a .PDF from the IBM Information Center. The concepts are also explained and practical examples given in my book, Experts' Guide to OS/400 and i5/OS Security.
MORE INFORMATION ON THIS TOPIC
The Best Web Links: tips, tutorials and more.
Search400's targeted search engine: Get relevant information on security.
Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.
Check out this Search400.com Featured Topic: Top ten security tips
Visit the ITKnowledge Exchange and get answers to your security questions fast.
Dig Deeper on i5-OS
Related Q&A from Carol Woodbury
Before changing password levels and upgrading operating systems on the AS/400, ensure the clients connecting to the NetServer do not need the old ... Continue Reading
Look in the audit journal (QAUDJRN) on the AS/400 for an authority failure message with the name of the library as the object name. Use the ... Continue Reading
When error messages arise concerning attempts to use a permanent system object without authority, find the source of the issue by looking for an AF ... Continue Reading