Q
Manage Learn to apply best practices and optimize your operations.

Menu security's relationship to object authority

On AS/400, if a group of users has been assigned a menu that does not get them to any security functions, they are still able to access sensitive objects because of the *ALL authority to PUBLIC.

I am kind of new to OS/400 and iSeries. I was wondering if menu security prevails over object authority?

Let's say in a security level 30 environment, a sensitive object has been assigned the *ALL authority for *PUBLIC. If a group of users has been assigned a menu that does not get them to any security functions, would they still be able to access that sensitive object because of the *ALL authority to PUBLIC, or would that be impossible due to their menu options?

While the user may not be able to access the object through a menu option, there are many other ways to access objects, other than through a menu. If they have access to a command line and their profiles are not set to LMTCPB(*YES), they will be able to access the objects. Then there are network interfaces such as iSeries Access file transfer, FTP, ODBC, SQL, a sockets program and a web program. All of these access i5/OS objects. To ensure appropriate access controls, you must use object level security -- that way, regardless of how the object is accessed, it is protected.

Dig Deeper on iSeries system and application security

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchDataCenter

Close