What is the best way to implement a security policy on a menu-based legacy application? I am contemplating putting up a physical file containing the name of user groups and the programs they are authorized to use. A CL program can then be run to set the authorities as per the information in the pf. Is there any better way around?
From what you asked in your question, I am going to make the following assumptions:
- You are going to secure the interfaces that manipulate the data (that is, programs) rather than securing the data itself
- You already use group profiles as part of your security implementation
One way to simplify the approach is if programs can be grouped by usage. For example, if a user is authorized to menu option 3, they also get menu option 4, 5 and 6. You could then secure the programs, Opt_3, Opt_4, Opt_5 and Opt_6 with an authorization list. The groups needing authority to this set of menu options can then be given *USE authority to the authorization list.
The problem with this approach is if users could have authority to use menu option 4 but are restricted from 3, 5 or 6. Then you might as well just give the group *USE to the program itself.
Perhaps another approach would be to secure the data files rather than the interfaces accessing the data files ... ?
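The authorization-list approach described in the answer, as an added CL example that is not part of the original answer. The library APPLIB, the list name MENUAUTL and the group profile GRPSALES are assumed names; the program names follow the answer's Opt_3 to Opt_6.

```cl
/* Added example: secure menu options 3-6 with one authorization    */
/* list. APPLIB, MENUAUTL and GRPSALES are assumed names.           */
PGM

  /* Create the list. *PUBLIC gets no access through it.            */
  CRTAUTL    AUTL(MENUAUTL) AUT(*EXCLUDE) +
               TEXT('Programs behind menu options 3-6')

  /* Attach each program to the authorization list.                 */
  GRTOBJAUT  OBJ(APPLIB/OPT_3) OBJTYPE(*PGM) AUTL(MENUAUTL)
  GRTOBJAUT  OBJ(APPLIB/OPT_4) OBJTYPE(*PGM) AUTL(MENUAUTL)
  GRTOBJAUT  OBJ(APPLIB/OPT_5) OBJTYPE(*PGM) AUTL(MENUAUTL)
  GRTOBJAUT  OBJ(APPLIB/OPT_6) OBJTYPE(*PGM) AUTL(MENUAUTL)

  /* Make each program take its public authority from the list,     */
  /* so the *EXCLUDE set on the list applies to everyone else.      */
  GRTOBJAUT  OBJ(APPLIB/OPT_3) OBJTYPE(*PGM) USER(*PUBLIC) AUT(*AUTL)
  GRTOBJAUT  OBJ(APPLIB/OPT_4) OBJTYPE(*PGM) USER(*PUBLIC) AUT(*AUTL)
  GRTOBJAUT  OBJ(APPLIB/OPT_5) OBJTYPE(*PGM) USER(*PUBLIC) AUT(*AUTL)
  GRTOBJAUT  OBJ(APPLIB/OPT_6) OBJTYPE(*PGM) USER(*PUBLIC) AUT(*AUTL)

  /* Give the group profile *USE to the whole set in one entry.     */
  /* Repeat ADDAUTLE for each further group that needs these        */
  /* menu options.                                                  */
  ADDAUTLE   AUTL(MENUAUTL) USER(GRPSALES) AUT(*USE)

ENDPGM
```

Private authorities already granted directly on a program are still checked, so review them with DSPOBJAUT before relying on the list alone.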