What is the best way to implement a security policy on a menu-based legacy application? I am contemplating putting up a physical file containing the name of user groups and the programs they are authorized to use. A CL program can then be run to set the authorities as per the information in the pf. Is there any better way around?
From what you asked in your question, I am going to make the following assumptions:
- You are going to secure the interfaces that manipulate the data (that is, programs) rather than securing the data itself
- You already use group profiles as part of your security implementation
One way to simplify the approach is if programs can be grouped by usage. For example, if a user is authorized to menu option 3, they also get menu option 4, 5 and 6. You could then secure the programs, Opt_3, Opt_4, Opt_5 and Opt_6 with an authorization list. The groups needing authority to this set of menu options can then be given *USE authority to the authorization list.
The problem with this approach is if users could have authority to use menu option 4 but are restricted from 3, 5 or 6. Then you might as well just give the group *USE to the program itself.
Perhaps another approach would be to secure the data files rather than the interfaces accessing the data files ... ?
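The authorization-list setup described in the answer, written out as a CL program. This is an added example, not code from the original answer; the library APPLIB, the list name MNUOPT36 and the group profiles GRPSALES and GRPAUDIT are hypothetical, and only the program names Opt_3 to Opt_6 come from the answer.

```cl
/* Added example: secure menu programs OPT_3..OPT_6 with one        */
/* authorization list. APPLIB, MNUOPT36, GRPSALES and GRPAUDIT are  */
/* hypothetical names chosen for illustration.                      */
PGM

/* 1. Create the list. *PUBLIC is excluded, so only profiles        */
/*    explicitly added to the list gain access through it.          */
CRTAUTL    AUTL(MNUOPT36) AUT(*EXCLUDE) +
             TEXT('Menu options 3 to 6')

/* 2. Secure each program with the list, then make the program's    */
/*    *PUBLIC authority defer to the list's *PUBLIC entry.          */
GRTOBJAUT  OBJ(APPLIB/OPT_3) OBJTYPE(*PGM) AUTL(MNUOPT36)
GRTOBJAUT  OBJ(APPLIB/OPT_3) OBJTYPE(*PGM) USER(*PUBLIC) AUT(*AUTL)
GRTOBJAUT  OBJ(APPLIB/OPT_4) OBJTYPE(*PGM) AUTL(MNUOPT36)
GRTOBJAUT  OBJ(APPLIB/OPT_4) OBJTYPE(*PGM) USER(*PUBLIC) AUT(*AUTL)
GRTOBJAUT  OBJ(APPLIB/OPT_5) OBJTYPE(*PGM) AUTL(MNUOPT36)
GRTOBJAUT  OBJ(APPLIB/OPT_5) OBJTYPE(*PGM) USER(*PUBLIC) AUT(*AUTL)
GRTOBJAUT  OBJ(APPLIB/OPT_6) OBJTYPE(*PGM) AUTL(MNUOPT36)
GRTOBJAUT  OBJ(APPLIB/OPT_6) OBJTYPE(*PGM) USER(*PUBLIC) AUT(*AUTL)

/* 3. A group that needs the whole set of options gets *USE to the  */
/*    list. Adding another group later is a single ADDAUTLE.        */
ADDAUTLE   AUTL(MNUOPT36) USER(GRPSALES) AUT(*USE)

/* 4. The exception case from the answer: a group allowed option 4  */
/*    only is NOT added to the list. It gets a private *USE on that */
/*    one program and stays excluded from OPT_3, OPT_5 and OPT_6.   */
GRTOBJAUT  OBJ(APPLIB/OPT_4) OBJTYPE(*PGM) USER(GRPAUDIT) AUT(*USE)

/* 5. Print the resulting authorities for review.                   */
DSPAUTL    AUTL(MNUOPT36) OUTPUT(*PRINT)
DSPOBJAUT  OBJ(APPLIB/OPT_4) OBJTYPE(*PGM) OUTPUT(*PRINT)

ENDPGM
```

Profiles with *ALLOBJ special authority can still run all four programs regardless of the list, so review special authorities alongside this setup.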