Michael,

Option 2 is what I'm dealing with.

First step was to take away *ALLOBJ from most of the 259 users who had it;
initially just those who didn't know they had it or what it really meant.
The battle to take it away from those who know will be fought a little later
;-)


Charles


> -----Original Message-----
> From: Mayer, Michael (CMA Consulting) [mailto:mmayer@xxxxxxx]
> Sent: Friday, May 14, 2004 10:47 AM
> To: 'Security Administration on the AS400 / iSeries'
> Subject: RE: [Security400] Documenting / Managing iSeries security
> 
> 
> It's a big task. I did this in a shop with 7 AS/400's along 
> with thousands
> of users several years back.
> I also did it in a shop where there had been no security for 
> 20 years on a
> very large AS/400 that ran 24 x 7 x 365 without disturbing 
> the business. The
> users had always dictated what IT did in this particular 
> place. The politics
> was more difficult than the implementation. The planning was 
> also very time
> consuming, especially the naming convention standards ....
> If I can help you in any way via email exchanges, let me know .... 
> 
> Michael Mayer - CMA Consulting.
> 700 Troy-Schenectady Road
> Latham, New York 12110
> AS400 Administrator - NJ State WIC Program.
> 518.783.9003 - Office
> 518.429.2235 - Direct
> 518.783.5093 - FAX
> MMayer@xxxxxxx
> http://www.cma.com
> 
> 
> 
> 
> 
> -----Original Message-----
> From: CWilt@xxxxxxxxxxxx [mailto:CWilt@xxxxxxxxxxxx]
> Sent: Friday, May 14, 2004 10:32 AM
> To: security400@xxxxxxxxxxxx
> Subject: RE: [Security400] Documenting / Managing iSeries security
> 
> 
> Michael,
> 
> Using authorization lists along with primary group and 
> supplemental group
> profiles is exactly what I intend to do.
> 
> It's just I have 8,500 objects and 387 user profiles.
> 
> I'd like an easier to use method of documenting and/or 
> managing the design;
> which authorization lists control which objects, which groups 
> are on which
> lists, and which users are in which groups.
> 
> Charles
> 
> > -----Original Message-----
> > From: Mayer, Michael (CMA Consulting) [mailto:mmayer@xxxxxxx]
> > Sent: Friday, May 14, 2004 9:52 AM
> > To: 'Security Administration on the AS400 / iSeries'
> > Subject: RE: [Security400] Documenting / Managing iSeries security
> > 
> > 
> > I would set things up via authority lists and secure the 
> > objects in question
> > by group profile / supplemental group profile.
> > There's a couple of good reasons for doing things this way.
> > First, this method allows you to add / delete employees' user 
> > profiles to
> > objects via the group / supplemental profile as they join, 
> > leave or transfer
> > within the company. You would only have to be concerned with 
> > object ownership
> > before deleting a user profile.
> > Second, in the event of a crash, even with SAVSECDTA tapes / 
> > RSTAUT commands,
> > individual authority is not restored to objects upon restore.
> > Authority list authority is restored.
> > 
> > You may also want to check out WWW.KISCO.COM
> > They're a pretty good AS/400 security firm.
> > 
> > 
> > 
> > 
> > Michael Mayer - CMA Consulting.
> > 700 Troy-Schenectady Road
> > Latham, New York 12110
> > AS400 Administrator - NJ State WIC Program.
> > 518.783.9003 - Office
> > 518.429.2235 - Direct
> > 518.783.5093 - FAX
> > MMayer@xxxxxxx
> > http://www.cma.com
> > 
> > 
> > 
> > 
> > 
> _______________________________________________
> This is the Security Administration on the AS400 / iSeries 
> (Security400)
> mailing list
> To post a message email: Security400@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/security400
> or email: Security400-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/security400.
> _______________________________________________
> 
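
The cross-reference asked for in the thread (which authorization lists control which objects, which groups are on which lists, which users are in which groups), sketched as an added example that is not part of the original messages. All object, list, group and user names are constructed, and the three tables are assumed to be loaded from data exported from the system; the report lists every group path to an object rather than computing an effective authority.

```python
from collections import defaultdict

# Constructed sample data; every name below is hypothetical.
OBJECT_AUTL = {   # object -> authorization list that secures it
    "PAYLIB/PAYMAST": "PAYROLL",
    "PAYLIB/PAYHIST": "PAYROLL",
    "ORDLIB/ORDHDR": "ORDERS",
}
AUTL_ENTRIES = {  # authorization list -> {group profile: authority}
    "PAYROLL": {"GRPPAY": "*CHANGE", "GRPAUDIT": "*USE"},
    "ORDERS": {"GRPSALES": "*CHANGE", "GRPAUDIT": "*USE"},
}
USERS = {         # user -> (primary group, supplemental groups, special authorities)
    "ALICE": ("GRPPAY", [], []),
    "BOB": ("GRPSALES", ["GRPAUDIT"], []),
    "CAROL": (None, [], ["*ALLOBJ"]),
}

def groups_of(user):
    """Primary group first, then supplemental groups."""
    primary, supplemental, _ = USERS[user]
    return ([primary] if primary else []) + list(supplemental)

def access_paths():
    """Return {user: {object: [(group, authority, list), ...]}} for group entries on lists."""
    report = defaultdict(dict)
    for user in USERS:
        for obj, autl in OBJECT_AUTL.items():
            entries = AUTL_ENTRIES.get(autl, {})
            paths = [(g, entries[g], autl) for g in groups_of(user) if g in entries]
            if paths:
                report[user][obj] = paths
    return dict(report)

def who_reaches(obj):
    """Users who reach an object through some group on its authorization list."""
    return sorted(u for u, objs in access_paths().items() if obj in objs)

def allobj_users():
    """Users with *ALLOBJ: they reach every object regardless of the list design."""
    return sorted(u for u, (_, _, spc) in USERS.items() if "*ALLOBJ" in spc)

if __name__ == "__main__":
    for user, objs in access_paths().items():
        for obj, paths in objs.items():
            for group, auth, autl in paths:
                print(f"{user:8} {obj:16} {auth:8} via {group} on {autl}")
    print("Outside the design (*ALLOBJ):", ", ".join(allobj_users()))
```
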
