RE: Programmer DFU access

["Bull, Jeff" <BullJ1@xxxxxxxxxxxxxxxx>]

Hi Johnny,
        I used to work for First National Bank (on of the many); our
programmers used DFU, but we still passed an audit with flying colours . . .
why ? We made sure NO programmer had access *ALLOBJ, they were in a single
group-profile; all we used bulk standard OS/400 object security to protect
the production data files, *EXCLUDE on the programmer group; it is the data
you need to protect, limiting/removing access to the tools is a red-herring.
If the auditors are sceptical, give them a programmer signon and let them
try to update a production file with DFU . . . I did, and my case was won.

Jeff B.

-----Original Message-----
From: Johnny Helms [mailto:Johnny.Helms@RHTelCo.Com]
Sent: Thursday, June 15, 2000 7:32 PM
To: MIDRANGE-L@midrange.com
Subject: Programmer DFU access


I am looking for suggestions on how to secure a current production AS/400 
that has programmer's using DFU to change data in files. We do have a 
development system and I thought change management would allow this 
practice to be ended. However, after talking with Aldon, they have no 
suggestions.  The reason I am trying to end this practice is due to an 
Audit we recently had that we failed miserably.

TIA,

Johnny Helms
Mid-Range Sytems Engineer

+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator:
david@midrange.com
+---
+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---