The most sensitive files on our iSeries are unsecured (*PUBLIC has *ALL authority), as the vendor-supplied applications that use them rely on their custom menu security to control access to the files. For this reason we have restricted file download capability to only a few IS users, but now we're receiving pressure from the user community to make this ability available to other departments. Is there a way that we can control which objects users have authority to download in this scenario?
This is a common scenario today. The solution demands the use of exit programs. You can write your own (which I don't recommend doing) or you can buy a third-party solution. There are numerous vendors providing exit program solutions today. There may be others, but I know that at least SafeStone, PentaSafe and Kisco have products that take the "object authority" approach that you have described. These products allow you to define the users' capabilities when accessing the objects through network interfaces such as FTP, ODBC and data transfer.
MORE INFORMATION ON THIS TOPIC
The Best Web Links: Tips, tutorials and more.
Search400's targeted search engine: Get relevant information on security.
Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.
Read this Search400 Featured Topic: Secure your iSeries
Dig Deeper on iSeries physical security
Related Q&A from Carol Woodbury
Before changing password levels and upgrading operating systems on the AS/400, ensure the clients connecting to the NetServer do not need the old ... Continue Reading
Look in the audit journal (QAUDJRN) on the AS/400 for an authority failure message with the name of the library as the object name. Use the ... Continue Reading
The UPPWEI field corresponds to the password expiration interval field, and its values "0" and "-1" represent the *SYSVAL and *NOXMAX commands. Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.