
Prevent files from being updated

Based on a prior audit observation, we have had to change the security on our iSeries (level 30) to the following:

1. Change *public access from *change to *use.
2. Create a unique profile (no sign on) called REGUSR. This profile has *ALLOBJ auth.
3. Change all files to be owned by REGUSR, and change all programs to have REGUSR as owner and to adopt authority. All access is menu-controlled, so that when a user accesses the option, the program takes over control by the adopt authority.

Please give me your thoughts on this. I see how this can prevent files from being updated outside the control of our security. But I was wondering if there is another way to handle this.


Adopted authority is certainly one of the most popular application authorization methods. If you want to understand the various application authorization methods available, you might read the article, "Designing Security into Applications" (if you're an iSeries Network professional member) that I wrote for the August 2002 issue of iSeries News. If you want more information, several of my Security Patrol columns at McPressOnline have answered questions regarding many aspects of adopted authority. By the way, I highly recommend that you move to security level 40 or 50, as security can be easily circumvented at lower security levels.
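The three steps from the question, written out as a CL program. This is an added example, not code from the original question or answer. The library name APPLIB and the work file QTEMP/OBJLIST are assumptions; REGUSR and the authority values come from the question.

```cl
/* Added example. APPLIB is a hypothetical application library. */
PGM
  DCLF       FILE(QSYS/QADSPOBJ)  /* IBM-supplied model outfile for DSPOBJD */

  /* Step 2: owner profile that cannot sign on, with *ALLOBJ. */
  /* Skip this command if REGUSR already exists.              */
  CRTUSRPRF  USRPRF(REGUSR) PASSWORD(*NONE) SPCAUT(*ALLOBJ) +
               TEXT('Application owner, no sign-on')

  /* Step 1: *PUBLIC from *CHANGE to *USE. REPLACE(*YES) is needed: */
  /* the default adds to the existing authority and leaves *CHANGE. */
  GRTOBJAUT  OBJ(APPLIB/*ALL) OBJTYPE(*FILE) USER(*PUBLIC) +
               AUT(*USE) REPLACE(*YES)

  /* Step 3: list the files and programs, then change each one. */
  DSPOBJD    OBJ(APPLIB/*ALL) OBJTYPE(*FILE *PGM) +
               OUTPUT(*OUTFILE) OUTFILE(QTEMP/OBJLIST)
  OVRDBF     FILE(QADSPOBJ) TOFILE(QTEMP/OBJLIST)

LOOP:
  RCVF
  MONMSG     MSGID(CPF0864) EXEC(GOTO CMDLBL(DONE))  /* end of file */
  /* Every listed object becomes owned by REGUSR. */
  CHGOBJOWN  OBJ(&ODLBNM/&ODOBNM) OBJTYPE(&ODOBTP) +
               NEWOWN(REGUSR) CUROWNAUT(*REVOKE)
  /* Programs also run under the owner's (adopted) authority. */
  IF         COND(&ODOBTP *EQ '*PGM') THEN( +
               CHGPGM PGM(&ODLBNM/&ODOBNM) USRPRF(*OWNER))
  GOTO       CMDLBL(LOOP)

DONE:
  DLTOVR     FILE(QADSPOBJ)
  /* Review: print every program that now adopts REGUSR's authority. */
  DSPPGMADP  USRPRF(REGUSR) OUTPUT(*PRINT)
ENDPGM
```

The DSPPGMADP listing is worth keeping with the audit evidence, since each program on it runs with REGUSR's *ALLOBJ authority for whoever calls it.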
