|
midrange-l-request@xxxxxxxxxxxx wrote: > 7. Sarbanes-Oxley and the AS400 (Greg Wenzloff) > >We are preparing for our audit and the team has requested a list of "new >users added to the operating system" ... "list should be obtained from the >operating system based on creation date". > >I know that SECTOOLS has several useful reports but I don't see anything >with a creation date for the user profile. Does anyone know if that info >is available from the system? Thanks. Greg: Not much help, I'm afraid. As others have mentioned, DSPOBJD to an outfile for *USRPRF objects might give a file you can query for what you need here. Hard to go into details though. Because... >While I'm typing let me add that they also want a "list of users with >security access changes". I'm not entirely sure what that means nor how to >get a report. > >We are at V4R4 and do not have auditing turned on. ...ouch. Without auditing plus various on-going analyses of audit journal entries, this is practically impossible. Of course, if you had some kind of system administrator application through which all such changes must go and which securely logged what was done, then system security audit journaling might not be important. Without an audit trail, it's hard to imagine much that can be done for anything resembling "users with security access changes". And this gets significantly more complex depending on what that phrase means. E.g., would that cover any new private authorities granted to users? Authorities for groups? Authorization list changes? Or should it be restricted to direct changes to special authorities in user profiles? If a library has CRTAUT(*CHANGE) and a new object is created there, should that count even though it might refer to *PUBLIC rather than particular users? Interesting stuff, dealing with auditors. Especially if you're unlucky enough to get one that knows enough about the system to make a mess. I'm not sure if that's worse than one who knows all about some other kind of system and wants to know what you're doing to prevent the same kind of vulnerabilities, even when they don't exist in a similar form. I sure hope you'll report back after the audit and fill others in on the result. It seems to me we hear more "It's going to happen (an audit)" and not enough "After the audit, we've had to..." Tom Liotta -- Tom Liotta The PowerTech Group, Inc. 19426 68th Avenue South Kent, WA 98032 Phone 253-872-7788 x313 Fax 253-872-7904 http://www.powertech.com __________________________________________________________________ Switch to Netscape Internet Service. As low as $9.95 a month -- Sign up today at http://isp.netscape.com/register Netscape. Just the Net You Need. New! Netscape Toolbar for Internet Explorer Search from anywhere on the Web and block those annoying pop-ups. Download now at http://channels.netscape.com/ns/search/install.jsp
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact copyright@midrange.com.
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.