An open systems function is making a call to AS/400 to run a stored procedure. Our security group needs to ensure that the profile used to make that call cannot do anything else (i.e. cannot call a different procedure or call an RPG-based program). How can I ensure that the process is given explicit access to call only that one function and nothing else? Do I grant authority to just that one stored procedure object?
If you are using one of the exit-point vendors' solutions, you could allow this specific stored procedure to be run and deny access to all other network interface calls (such as FTP or DDM calls). You would then need to make sure that the profile could not be used for interactive sign-on. To do this, you'd need to make sure the initial program was *NONE and the initial menu was *SIGNOFF. However, this configuration is not perfect or foolproof. i5/OS has not provided exit points for all entrances to the system, so the profile could still be used for Web applications and socket programs, if not more. Also, the profile could still be used to submit and run batch or scheduled jobs.