Manage
Learn to apply best practices and optimize your operations.
Guidelines for preventing access to commands and duplication of objects
On AS/400, ensuring that a piece of data's object-level security has been set properly should be your first line of defense. Appendix C and D in the IBM i security reference manual provide IBM's recommendations for which commands should be set to *Public *Exclude, as well as CL commands and the authorities required to run them.
Multi part question:
1. What are the recommendations for commands that should be *Public *Exclude?
2. The current example is the command CRTDUPOBJ which is *Public *Use but few users have command line authority to run the command. For those who do have command line, are there other authorities required to create a duplicate object?
In Appendix C of the
System i Security Reference manual (PDF) you'll see a list of the commands that IBM ships with *PUBLIC authority set to *EXCLUDE. This is a good place to start. Then in Appendix D in the same manual, you'll see all of the CL commands listed along with the authority required to run them. Ensuring that the data's object level security has been set properly should be your first line of defense (rather than focusing on securing commands). For example, if users don't have authority to the file, they won't be able to duplicate it.
This was last published in December 2008
Dig Deeper on iSeries system and application security
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.
Meet all of our AS/400 experts
View all AS/400 questions and answers
Start the conversation
0 comments