If a legacy application is using RPG II to write data files to an iSeries 400 machine, are the files flat files instead of database files? If so, and the system has a security level of 20, how secure are these files? This environment is running OS/400 version 3 and an old application on top of it.
The files are, more than likely, not secure at all. The problem with security level 20 is that, by default, all users are created with *ALLOBJ special authority. This means that, by default, anyone can literally do anything to all objects - files, libraries, etc on the system. For example, files can be deleted or updated, programs can be replaced or production data copied to a PC and sold to a competitor. Needless to say, this is a dangerous situation. You can remove *ALLOBJ from user profiles at security level 20. If you do that for all profiles, you are essentially running with the same protection as security level 30. But before you can remove the *ALLOBJ, you have to have a scheme for users to get the authority they need to the data so they can still do their jobs.
MORE INFORMATION ON THIS TOPIC
The Best Web Links: tips, tutorials and more.
Search400's targeted search engine: Get relevant information on security.
Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.
Dig Deeper on iSeries system and application security
Related Q&A from Carol Woodbury
Before changing password levels and upgrading operating systems on the AS/400, ensure the clients connecting to the NetServer do not need the old ... Continue Reading
Look in the audit journal (QAUDJRN) on the AS/400 for an authority failure message with the name of the library as the object name. Use the ... Continue Reading
On AS/400, the journal type AF subtype K, shows that a user profile lacks the special authority required by the function attempting to run. Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.