Q
Manage Learn to apply best practices and optimize your operations.

Menu security's relationship to object authority

On AS/400, if a group of users has been assigned a menu that does not get them to any security functions, they are still able to access sensitive objects because of the *ALL authority to PUBLIC.

I am kind of new to OS/400 and iSeries. I was wondering if menu security prevails over object authority?

Let's say in a security level 30 environment, a sensitive object has been assigned the *ALL authority for *PUBLIC. If a group of users has been assigned a menu that does not get them to any security functions, would they still be able to access that sensitive object because of the *ALL authority to PUBLIC, or would that be impossible due to their menu options?

While the user may not be able to access the object through a menu option, there are many other ways to access objects, other than through a menu. If they have access to a command line and their profiles are not set to LMTCPB(*YES), they will be able to access the objects. Then there are network interfaces such as iSeries Access file transfer, FTP, ODBC, SQL, a sockets program and a web program. All of these access i5/OS objects. To ensure appropriate access controls, you must use object level security -- that way, regardless of how the object is accessed, it is protected.
This was last published in August 2008

Dig Deeper on iSeries system and application security

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchDataCenter

Close