
Guidelines for preventing access to commands and duplication of objects

On AS/400, ensuring that a piece of data's object-level security has been set properly should be your first line of defense. Appendices C and D in the IBM i security reference manual provide IBM's recommendations for which commands should be set to *PUBLIC *EXCLUDE, as well as a list of CL commands and the authorities required to run them.

Multi-part question:

1. What are the recommendations for commands that should be *Public *Exclude?

2. The current example is the command CRTDUPOBJ which is *Public *Use but few users have command line authority to run the command. For those who do have command line, are there other authorities required to create a duplicate object?

In Appendix C of the System i Security Reference manual (PDF) you'll see a list of the commands that IBM ships with *PUBLIC authority set to *EXCLUDE. This is a good place to start. Then in Appendix D in the same manual, you'll see all of the CL commands listed along with the authority required to run them. Ensuring that the data's object-level security has been set properly should be your first line of defense (rather than focusing on securing commands). For example, if users don't have authority to the file, they won't be able to duplicate it.
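The object-level approach described in the answer, sketched as a short CL program. This is an added example, not part of the original answer or of IBM's manual; the library APPLIB, file CUSTMAST and group profile GRPAPP are placeholder names to replace with your own.

```cl
/* Added example. APPLIB, CUSTMAST and GRPAPP are placeholder names.  */
PGM

  /* 1. Record who currently holds authority to the command and to   */
  /*    the data file, so the change can be reviewed and rolled back. */
  DSPOBJAUT  OBJ(QSYS/CRTDUPOBJ) OBJTYPE(*CMD) OUTPUT(*PRINT)
  DSPOBJAUT  OBJ(APPLIB/CUSTMAST) OBJTYPE(*FILE) OUTPUT(*PRINT)

  /* 2. Secure the data itself: *PUBLIC gets no access to the file.   */
  GRTOBJAUT  OBJ(APPLIB/CUSTMAST) OBJTYPE(*FILE) +
               USER(*PUBLIC) AUT(*EXCLUDE)

  /* 3. Give the one group that needs the file the authority it       */
  /*    needs. *USE is an assumption; pick the level the application  */
  /*    actually requires.                                            */
  GRTOBJAUT  OBJ(APPLIB/CUSTMAST) OBJTYPE(*FILE) +
               USER(GRPAPP) AUT(*USE)

  /* 4. Print the resulting authorities to confirm the change.        */
  DSPOBJAUT  OBJ(APPLIB/CUSTMAST) OBJTYPE(*FILE) OUTPUT(*PRINT)

ENDPGM
```

Profiles with *ALLOBJ special authority are not affected by these object authorities, and a file secured by an authorization list needs the same review on the list itself.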
