Q
Manage Learn to apply best practices and optimize your operations.

Reduce the number of *ALLOBJ and other special authorities

I have been asked to reduce the number of *ALLOBJ and other special authorities from our users on six iSeries'. I am not sure how to approach this. I have started to look at the public authorities that exist, and have put the users in groups and granted the groups enough authority to the libraries and then to the files. This is after I have taken away the *ALLOBJ. Does this sound like the correct path?

Yes, you are going down the right path. If you can, you want to step back and not get caught up in the details too quickly. One approach to take is outlined in a publication in IBM's Infocenter. It's a publication called Basic Security and you can find it under the Security topic. It takes a high-level approach and then walks you through various levels until you're implementing the details. First it has you list out each application on your system, then the type of user needing to use each application, and then the access each type of user requires. The next section is to list out the types of users on the system and categorizing them into groups. Eventually you get down to moving users into groups and authorizing the groups to the objects directly or to authorization lists securing the objects.

==================================
MORE INFORMATION ON THIS TOPIC
==================================

The Best Web Links: tips, tutorials and more.

Search400's targeted search engine: Get relevant information on security.

Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.

Check out this Search400.com Featured Topic: Top ten security tips


This was last published in September 2002

Dig Deeper on iSeries system and application security

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchDataCenter

Close