1.  Home
  2. MIDRANGE-L
  3. April 1997

Re: Security level

  • Subject: Re: Security level
  • From: John Earl <johnearl@xxxxxxxxx>
  • Date: Sat, 19 Apr 1997 22:55:58 -0700
 
At 03:26 PM 4/19/97 -0400, Al wrote:
>At 10:38 AM 4/19/97 -0700, you wrote:
>>At 10:20 AM 4/18/97 +0200, Maurice wrote:
>>>We wanna go from security level 30 to 40, any suggestions where we have
>>>to think about. We already have some things to think about, but maybe I
>>>forget some things
>
>>If all your concerned about is the jump
>>to Level 40 you should be tracking *AUTFAIL & *PGMFAIL.  
>
>This is incorrect.  If all you are concerned about is L40, then the only
>thing you need to be concerned about is *PGMFAIL.  *AUTFAIL logs access
>failures and  bad sign-ons.

Al,

I'm sorry, but if you aren't checking *AUTFAIL then you'll never catch the
authority failures that, while logged in QAUDJRN as an AF, are still
permitted to execute under Level 30 (SBMJOB using a JOBD that contains a
USRPRF that the submitter is not authorized to is one example).  Level 30
security permits, but logs as a failure, a number of things that level 40
won't allow.  You need to have both *PGMFAIL and *AUTFAIL on to catch them all.

Topic 2.4.9 - Changing to Security Level 40 - in the OS/400 Security
Reference V3R7 (QBJALC01), covers this topic quite well for those who want
the nitty-gritty details.

HTH,

jte
 
*************************************************
* John Earl     Gig Harbor, Washington  U.S.    *
* Email:        johnearl@lns400.com             *
* http:         www.lns400.com                  *
* Phone:        206-858-7388                    *
*************************************************

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* This is the Midrange System Mailing List!  To submit a new message,   *
* send your mail to "MIDRANGE-L@midrange.com".  To unsubscribe from     *
* this list send email to MAJORDOMO@midrange.com and specify            *
* 'unsubscribe MIDRANGE-L' in the body of your message.  Questions      *
* should be directed to the list owner / operator: david@midrange.com   *
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.