SlideShare a Scribd company logo

Security 101: Limiting Powerful User Profiles

Precisely
Precisely

This document discusses limiting powerful user profiles on IBM i systems. It defines what makes a profile powerful, such as special authorities, user class, and limit capabilities. Specific special authorities are outlined that provide elevated access, such as *ALLOBJ. The challenges of managing elevated authority, such as frequent requests for more access, are discussed. Third-party solutions are presented as an option to automate elevated authority management and provide separation of duties, auditing, and risk reduction. Syncsort is presented as a vendor that can help with solutions for data privacy, access control, compliance monitoring, security risk assessments, and more.

Technology
1 of 14
Download to read offline
Security 101: Limiting Powerful IBM i User Profiles Alan Hamm Sales Engineer 1
Agenda • Reducing Powerful Profiles • Managing Elevated Authority • Tradeoffs: DIY or Packaged Solutions? • How Syncsort Can Help 2
What Is a Powerful Profile? From an IBM i OS viewpoint, three things contribute to making powerful profiles: 1. Special authorities 2. User class 3. Limit capabilities 3
“Special authority is used to specify the types of actions a user can perform on system resources. A user can be given one or more special authorities.” IBM i, Security, Security reference, Version 7.3 Special Authority Special Authority Actions Allowed *ALLOBJ Access any resource – overrides private authority Essentially gives access to all functions on the system. *SECADM Create, change and delete user profiles. *SECADM + *ALLOBJ can give *SECADM to another user. *JOBCTL Stop subsystems, Perform an initial program load(IPL) *SPLCTL Any operation on any spooled file in the system. No protection against confidential spooled files. *SAVSYS Save, Restore and free storage for all objects on system. *SERVICE STRSST, Debug with only *USE authority, Trace. *AUDIT Stop, Start and prevent auditing on the system. *IOSYSCFG Change how the system is configured. Add or remove communication configurations and TCP/IP servers. 4
“User class is used to control what menu options are shown to the user on IBM i menus. This helps control user access to some system functions.” IBM i, Security, Security reference, Version 7.3 User Class User Class Special Authorities *SECOFR *ALL *SECADM *SECADM *PGMR *NONE *SYSOPR *JOBCTL, *SAVSYS *USER *NONE Special Authorities Defaults (Security Level 30 or Above) 5
“You can use the Limit capabilities field to limit the user’s ability to enter commands and to override the initial program, initial menu, current library, and attention-key- handling program specified in the user profile. This field is a tool for preventing users from experimenting on the system.” IBM i, Security, Security reference, Version 7.3 Limit Capabilities Function *YES *PARTIAL *NO Change initial program No No Yes Change initial menu No Yes Yes Change current library No No Yes Change attention program No No Yes Enter commands A few* Yes Yes * These commands are allowed by default: SIGNOFF, SNDMSG, DSPMSG, DSPJOB, DSPJOBLOG, STRPCO, WRKMSG. The user cannot use F9 to display a command line from any menu or display. 6
• Security auditors require that users be given only the authorities needed to do their job • Handling frequent user requests for elevated authority is time consuming • Elevated authority should only be granted as needed – and then revoked • The activity of users with elevated authorities should be monitored to protect sensitive data and operations • Separation of duties for administrators is best practice Challenges of Managing Elevated Authority I need to be *SYSOPR for this assignment! I need *ALLOBJ to do my job! Can I have *SPLCTL for my project? 7
• Satisfies security officers by reducing the number of powerful user profiles • Makes it easy to manage requests for elevated authority on demand • Enforces segregation of duties • Produces necessary alerts, reports and a comprehensive audit trail • Significantly reduces security exposures caused by human error • Reduces risk of unauthorized access to sensitive data Benefits of Elevated Authority Management Solutions 8
DIY or 3rd Party Tradeoffs Do-It-Yourself In-House • Stretched resources required for business critical projects • May need to bring in consultants or hire new employees because of lack of IBM i security knowledge and experience • Need to maintain and update in- house tools to stay on top of OS and PTF releases • Staff turnover can leave you without the ability to manage in-house solutions Third-Party Solutions • Frees up resources for other projects • Provides separation of duties • Leverages experts in the field • Vendor is in the business of releasing updated software • Vendors ensure programs stay current to the latest threats and OS capabilities • Vendor-provided services can fill skills gaps for implementation and management 9
How Syncsort Can Help 10
Data Privacy Protect the privacy of data at-rest or in-motion to prevent data breaches Access Control Ensure comprehensive control of unauthorized access and the ability to trace any activity, suspicious or otherwise Compliance Monitoring Gain visibility into all security activity on your IBM i and optionally feed it to an enterprise console Security Risk Assessment Assess your security threats and vulnerabilities 11 Syncsort offers security solutions that address the issues on the radar screen of every security officer and IBM i admin
Multi-Factor Authentication Strengthen login security by requiring multiple forms of authentication Elevated Authority Management Automatically elevate user authority as-needed and on a limited basis Access Control Secure all points of entry into to your system including network access, database access, command line access and more Access Control Solutions 12
Expert services are available for • Security risk assessment • Quick start services • Quick check services • Security update services (hot fixes, PTFs, new releases, etc.) • System update services (ensuring security solution is properly configured after system changes to IP addresses, OS versions, etc.) • Auditor assist (supporting internal or external auditors) • Managed security services • A la carte consulting Leverage the seasoned security experts in Syncsort Global Services! The Syncsort Services Team Is Here for You 13
Learn more at www.syncsort.com

Recommended

Asia,scrsots
Asia,scrsotsAsia,scrsots
Asia,scrsotsquadsols
 
SCEP 2012 inside SCCM 2012
SCEP 2012 inside SCCM 2012SCEP 2012 inside SCCM 2012
SCEP 2012 inside SCCM 2012Microsoft TechNet - Belgium and Luxembourg
 
System Center Endpoint Protection 2012 R2
System Center Endpoint Protection 2012 R2System Center Endpoint Protection 2012 R2
System Center Endpoint Protection 2012 R2Norman Mayes
 
Eman,scrsots
Eman,scrsotsEman,scrsots
Eman,scrsotsquadsols
 
Introduction to erp
Introduction to erpIntroduction to erp
Introduction to erpAmeer Manathat
 
Lec # 1 chapter 2
Lec # 1 chapter 2Lec # 1 chapter 2
Lec # 1 chapter 2rereelshahed
 
NIC2012 - System Center Endpoint Protection 2012
NIC2012 - System Center Endpoint Protection 2012NIC2012 - System Center Endpoint Protection 2012
NIC2012 - System Center Endpoint Protection 2012Nicolai Henriksen
 
Security issues in os
Security issues in osSecurity issues in os
Security issues in osDevAdnani
 

Recommended

Asia,scrsots
Asia,scrsotsAsia,scrsots
Asia,scrsotsquadsols
 
SCEP 2012 inside SCCM 2012
SCEP 2012 inside SCCM 2012SCEP 2012 inside SCCM 2012
SCEP 2012 inside SCCM 2012Microsoft TechNet - Belgium and Luxembourg
 
System Center Endpoint Protection 2012 R2
System Center Endpoint Protection 2012 R2System Center Endpoint Protection 2012 R2
System Center Endpoint Protection 2012 R2Norman Mayes
 
Eman,scrsots
Eman,scrsotsEman,scrsots
Eman,scrsotsquadsols
 
Introduction to erp
Introduction to erpIntroduction to erp
Introduction to erpAmeer Manathat
 
Lec # 1 chapter 2
Lec # 1 chapter 2Lec # 1 chapter 2
Lec # 1 chapter 2rereelshahed
 
NIC2012 - System Center Endpoint Protection 2012
NIC2012 - System Center Endpoint Protection 2012NIC2012 - System Center Endpoint Protection 2012
NIC2012 - System Center Endpoint Protection 2012Nicolai Henriksen
 
Security issues in os
Security issues in osSecurity issues in os
Security issues in osDevAdnani
 
Ch14-Software Engineering 9
Ch14-Software Engineering 9Ch14-Software Engineering 9
Ch14-Software Engineering 9Ian Sommerville
 
Non functional requirements - checklist
Non functional requirements - checklistNon functional requirements - checklist
Non functional requirements - checklistVu Hung Nguyen
 
Desktop Management: Achieving Unrivaled Performance
Desktop Management: Achieving Unrivaled PerformanceDesktop Management: Achieving Unrivaled Performance
Desktop Management: Achieving Unrivaled PerformanceScriptLogic
 
Centralizing security on the mainframe
Centralizing security on the mainframeCentralizing security on the mainframe
Centralizing security on the mainframeArun Gopinath
 
Lecture1423726024
Lecture1423726024Lecture1423726024
Lecture1423726024deepakjeetu
 
Software Security Engineering
Software Security EngineeringSoftware Security Engineering
Software Security EngineeringMuhammad Asim
 
Autonomic Computing: Vision or Reality - Presentation
Autonomic Computing: Vision or Reality - PresentationAutonomic Computing: Vision or Reality - Presentation
Autonomic Computing: Vision or Reality - PresentationIvo Neskovic
 
Systems development and program change activities
Systems development and program change activitiesSystems development and program change activities
Systems development and program change activitieskristine manzano
 
Autonomic Computing by- Sandeep Jadhav
Autonomic Computing by- Sandeep JadhavAutonomic Computing by- Sandeep Jadhav
Autonomic Computing by- Sandeep JadhavSandep Jadhav
 
Autonomic computing
Autonomic computingAutonomic computing
Autonomic computingarpitmist
 
CS 5032 L8 dependability engineering 2 2013
CS 5032 L8 dependability engineering 2 2013CS 5032 L8 dependability engineering 2 2013
CS 5032 L8 dependability engineering 2 2013Ian Sommerville
 
Extracting Quality Scenarios from Functional Scenarios
Extracting Quality Scenarios from Functional ScenariosExtracting Quality Scenarios from Functional Scenarios
Extracting Quality Scenarios from Functional ScenariosProf. Amir Tomer
 
CS 5032 L7 dependability engineering 2013
CS 5032 L7 dependability engineering 2013CS 5032 L7 dependability engineering 2013
CS 5032 L7 dependability engineering 2013Ian Sommerville
 
CS5032 L11 validation and reliability testing 2013
CS5032 L11 validation and reliability testing 2013CS5032 L11 validation and reliability testing 2013
CS5032 L11 validation and reliability testing 2013Ian Sommerville
 
Aptera Cloud Event 2013 - Windows Intune - Eric Rupp
Aptera Cloud Event 2013 - Windows Intune - Eric RuppAptera Cloud Event 2013 - Windows Intune - Eric Rupp
Aptera Cloud Event 2013 - Windows Intune - Eric RuppAptera Inc
 
Hydra connect2015 security-accessibility-changemanagement-final
Hydra connect2015 security-accessibility-changemanagement-finalHydra connect2015 security-accessibility-changemanagement-final
Hydra connect2015 security-accessibility-changemanagement-finalnewmanld
 
Owny IT Desktop Monitoring Featurelist
Owny IT Desktop Monitoring FeaturelistOwny IT Desktop Monitoring Featurelist
Owny IT Desktop Monitoring FeaturelistNCS Computech Ltd.
 
Software engineering critical systems
Software engineering critical systemsSoftware engineering critical systems
Software engineering critical systemsDr. Loganathan R
 
CS 5032 L5 safety specification 2013
CS 5032 L5 safety specification 2013CS 5032 L5 safety specification 2013
CS 5032 L5 safety specification 2013Ian Sommerville
 
Fault tolerance
Fault toleranceFault tolerance
Fault toleranceLekashri Subramanian
 
IBM i Security Exposures Infographic
IBM i Security Exposures InfographicIBM i Security Exposures Infographic
IBM i Security Exposures InfographicHelpSystems
 
IBM i Security Study
IBM i Security StudyIBM i Security Study
IBM i Security StudyHelpSystems
 

More Related Content

What's hot

Ch14-Software Engineering 9
Ch14-Software Engineering 9Ch14-Software Engineering 9
Ch14-Software Engineering 9Ian Sommerville
 
Non functional requirements - checklist
Non functional requirements - checklistNon functional requirements - checklist
Non functional requirements - checklistVu Hung Nguyen
 
Desktop Management: Achieving Unrivaled Performance
Desktop Management: Achieving Unrivaled PerformanceDesktop Management: Achieving Unrivaled Performance
Desktop Management: Achieving Unrivaled PerformanceScriptLogic
 
Centralizing security on the mainframe
Centralizing security on the mainframeCentralizing security on the mainframe
Centralizing security on the mainframeArun Gopinath
 
Lecture1423726024
Lecture1423726024Lecture1423726024
Lecture1423726024deepakjeetu
 
Software Security Engineering
Software Security EngineeringSoftware Security Engineering
Software Security EngineeringMuhammad Asim
 
Autonomic Computing: Vision or Reality - Presentation
Autonomic Computing: Vision or Reality - PresentationAutonomic Computing: Vision or Reality - Presentation
Autonomic Computing: Vision or Reality - PresentationIvo Neskovic
 
Systems development and program change activities
Systems development and program change activitiesSystems development and program change activities
Systems development and program change activitieskristine manzano
 
Autonomic Computing by- Sandeep Jadhav
Autonomic Computing by- Sandeep JadhavAutonomic Computing by- Sandeep Jadhav
Autonomic Computing by- Sandeep JadhavSandep Jadhav
 
Autonomic computing
Autonomic computingAutonomic computing
Autonomic computingarpitmist
 
CS 5032 L8 dependability engineering 2 2013
CS 5032 L8 dependability engineering 2 2013CS 5032 L8 dependability engineering 2 2013
CS 5032 L8 dependability engineering 2 2013Ian Sommerville
 
Extracting Quality Scenarios from Functional Scenarios
Extracting Quality Scenarios from Functional ScenariosExtracting Quality Scenarios from Functional Scenarios
Extracting Quality Scenarios from Functional ScenariosProf. Amir Tomer
 
CS 5032 L7 dependability engineering 2013
CS 5032 L7 dependability engineering 2013CS 5032 L7 dependability engineering 2013
CS 5032 L7 dependability engineering 2013Ian Sommerville
 
CS5032 L11 validation and reliability testing 2013
CS5032 L11 validation and reliability testing 2013CS5032 L11 validation and reliability testing 2013
CS5032 L11 validation and reliability testing 2013Ian Sommerville
 
Aptera Cloud Event 2013 - Windows Intune - Eric Rupp
Aptera Cloud Event 2013 - Windows Intune - Eric RuppAptera Cloud Event 2013 - Windows Intune - Eric Rupp
Aptera Cloud Event 2013 - Windows Intune - Eric RuppAptera Inc
 
Hydra connect2015 security-accessibility-changemanagement-final
Hydra connect2015 security-accessibility-changemanagement-finalHydra connect2015 security-accessibility-changemanagement-final
Hydra connect2015 security-accessibility-changemanagement-finalnewmanld
 
Owny IT Desktop Monitoring Featurelist
Owny IT Desktop Monitoring FeaturelistOwny IT Desktop Monitoring Featurelist
Owny IT Desktop Monitoring FeaturelistNCS Computech Ltd.
 
Software engineering critical systems
Software engineering critical systemsSoftware engineering critical systems
Software engineering critical systemsDr. Loganathan R
 
CS 5032 L5 safety specification 2013
CS 5032 L5 safety specification 2013CS 5032 L5 safety specification 2013
CS 5032 L5 safety specification 2013Ian Sommerville
 

What's hot (20)

Ch14-Software Engineering 9
Ch14-Software Engineering 9Ch14-Software Engineering 9
Ch14-Software Engineering 9
 
Non functional requirements - checklist
Non functional requirements - checklistNon functional requirements - checklist
Non functional requirements - checklist
 
Desktop Management: Achieving Unrivaled Performance
Desktop Management: Achieving Unrivaled PerformanceDesktop Management: Achieving Unrivaled Performance
Desktop Management: Achieving Unrivaled Performance
 
Centralizing security on the mainframe
Centralizing security on the mainframeCentralizing security on the mainframe
Centralizing security on the mainframe
 
Lecture1423726024
Lecture1423726024Lecture1423726024
Lecture1423726024
 
Software Security Engineering
Software Security EngineeringSoftware Security Engineering
Software Security Engineering
 
Autonomic Computing: Vision or Reality - Presentation
Autonomic Computing: Vision or Reality - PresentationAutonomic Computing: Vision or Reality - Presentation
Autonomic Computing: Vision or Reality - Presentation
 
Systems development and program change activities
Systems development and program change activitiesSystems development and program change activities
Systems development and program change activities
 
Autonomic Computing by- Sandeep Jadhav
Autonomic Computing by- Sandeep JadhavAutonomic Computing by- Sandeep Jadhav
Autonomic Computing by- Sandeep Jadhav
 
Autonomic computing
Autonomic computingAutonomic computing
Autonomic computing
 
CS 5032 L8 dependability engineering 2 2013
CS 5032 L8 dependability engineering 2 2013CS 5032 L8 dependability engineering 2 2013
CS 5032 L8 dependability engineering 2 2013
 
Extracting Quality Scenarios from Functional Scenarios
Extracting Quality Scenarios from Functional ScenariosExtracting Quality Scenarios from Functional Scenarios
Extracting Quality Scenarios from Functional Scenarios
 
CS 5032 L7 dependability engineering 2013
CS 5032 L7 dependability engineering 2013CS 5032 L7 dependability engineering 2013
CS 5032 L7 dependability engineering 2013
 
CS5032 L11 validation and reliability testing 2013
CS5032 L11 validation and reliability testing 2013CS5032 L11 validation and reliability testing 2013
CS5032 L11 validation and reliability testing 2013
 
Aptera Cloud Event 2013 - Windows Intune - Eric Rupp
Aptera Cloud Event 2013 - Windows Intune - Eric RuppAptera Cloud Event 2013 - Windows Intune - Eric Rupp
Aptera Cloud Event 2013 - Windows Intune - Eric Rupp
 
Hydra connect2015 security-accessibility-changemanagement-final
Hydra connect2015 security-accessibility-changemanagement-finalHydra connect2015 security-accessibility-changemanagement-final
Hydra connect2015 security-accessibility-changemanagement-final
 
Owny IT Desktop Monitoring Featurelist
Owny IT Desktop Monitoring FeaturelistOwny IT Desktop Monitoring Featurelist
Owny IT Desktop Monitoring Featurelist
 
Software engineering critical systems
Software engineering critical systemsSoftware engineering critical systems
Software engineering critical systems
 
CS 5032 L5 safety specification 2013
CS 5032 L5 safety specification 2013CS 5032 L5 safety specification 2013
CS 5032 L5 safety specification 2013
 
Fault tolerance
Fault toleranceFault tolerance
Fault tolerance
 

Similar to Security 101: Limiting Powerful User Profiles

IBM i Security Exposures Infographic
IBM i Security Exposures InfographicIBM i Security Exposures Infographic
IBM i Security Exposures InfographicHelpSystems
 
IBM i Security Study
IBM i Security StudyIBM i Security Study
IBM i Security StudyHelpSystems
 
The Dangers of Elevated IBM i Authorities and How to Manage Them
The Dangers of Elevated IBM i Authorities and How to Manage ThemThe Dangers of Elevated IBM i Authorities and How to Manage Them
The Dangers of Elevated IBM i Authorities and How to Manage ThemPrecisely
 
Getting Started with IBM i Security: Securing PC Access
Getting Started with IBM i Security: Securing PC AccessGetting Started with IBM i Security: Securing PC Access
Getting Started with IBM i Security: Securing PC AccessHelpSystems
 
Security 101: Controlling Access to IBM i Systems and Data
Security 101: Controlling Access to IBM i Systems and DataSecurity 101: Controlling Access to IBM i Systems and Data
Security 101: Controlling Access to IBM i Systems and DataPrecisely
 
The Dark Side of Powerful Users
The Dark Side of Powerful UsersThe Dark Side of Powerful Users
The Dark Side of Powerful UsersHelpSystems
 
PowerTech - Part-Time Privileges: Accountability for Powerful Users
PowerTech - Part-Time Privileges: Accountability for Powerful UsersPowerTech - Part-Time Privileges: Accountability for Powerful Users
PowerTech - Part-Time Privileges: Accountability for Powerful UsersHelpSystems
 
PENTRATION TESTING Linux Escalation.ppt
PENTRATION TESTING Linux Escalation.pptPENTRATION TESTING Linux Escalation.ppt
PENTRATION TESTING Linux Escalation.pptjospinjj
 
5 Things Your Security Administrator Should Tell You
5 Things Your Security Administrator Should Tell You5 Things Your Security Administrator Should Tell You
5 Things Your Security Administrator Should Tell YouHelpSystems
 
Security 101: Controlling Access to IBM i Systems and Data
Security 101: Controlling Access to IBM i Systems and DataSecurity 101: Controlling Access to IBM i Systems and Data
Security 101: Controlling Access to IBM i Systems and DataPrecisely
 
Essential Layers of IBM i Security: System-Access Security
Essential Layers of IBM i Security: System-Access SecurityEssential Layers of IBM i Security: System-Access Security
Essential Layers of IBM i Security: System-Access SecurityPrecisely
 
Monitoring and Reporting on IBM i Compliance and Security
Monitoring and Reporting on IBM i Compliance and SecurityMonitoring and Reporting on IBM i Compliance and Security
Monitoring and Reporting on IBM i Compliance and SecurityPrecisely
 
4 florin coada - dast automation, more value for less work
4 florin coada - dast automation, more value for less work4 florin coada - dast automation, more value for less work
4 florin coada - dast automation, more value for less workIevgenii Katsan
 
James Jara Portfolio 2014 - InfoSec White Paper- Part 5
James Jara Portfolio 2014 - InfoSec White Paper- Part 5James Jara Portfolio 2014 - InfoSec White Paper- Part 5
James Jara Portfolio 2014 - InfoSec White Paper- Part 5James Jara
 
Security of Oracle EBS - How I can Protect my System (UKOUG APPS 18 edition)
Security of Oracle EBS - How I can Protect my System (UKOUG APPS 18 edition)Security of Oracle EBS - How I can Protect my System (UKOUG APPS 18 edition)
Security of Oracle EBS - How I can Protect my System (UKOUG APPS 18 edition)Andrejs Prokopjevs
 
Lock it Down: Access Control for IBM i
Lock it Down: Access Control for IBM iLock it Down: Access Control for IBM i
Lock it Down: Access Control for IBM iPrecisely
 
Linux.pptx
Linux.pptxLinux.pptx
Linux.pptxNitz18
 
Taking Control of Access to Your IBM i Systems and Data
Taking Control of Access to Your IBM i Systems and DataTaking Control of Access to Your IBM i Systems and Data
Taking Control of Access to Your IBM i Systems and DataPrecisely
 
Introduction to Network and System Administration
Introduction to Network and System AdministrationIntroduction to Network and System Administration
Introduction to Network and System AdministrationDuressa Teshome
 
Implementing security and controls in people soft best practices - may 2017
Implementing security and controls in people soft best practices - may 2017Implementing security and controls in people soft best practices - may 2017
Implementing security and controls in people soft best practices - may 2017Smart ERP Solutions, Inc.
 

Similar to Security 101: Limiting Powerful User Profiles (20)

IBM i Security Exposures Infographic
IBM i Security Exposures InfographicIBM i Security Exposures Infographic
IBM i Security Exposures Infographic
 
IBM i Security Study
IBM i Security StudyIBM i Security Study
IBM i Security Study
 
The Dangers of Elevated IBM i Authorities and How to Manage Them
The Dangers of Elevated IBM i Authorities and How to Manage ThemThe Dangers of Elevated IBM i Authorities and How to Manage Them
The Dangers of Elevated IBM i Authorities and How to Manage Them
 
Getting Started with IBM i Security: Securing PC Access
Getting Started with IBM i Security: Securing PC AccessGetting Started with IBM i Security: Securing PC Access
Getting Started with IBM i Security: Securing PC Access
 
Security 101: Controlling Access to IBM i Systems and Data
Security 101: Controlling Access to IBM i Systems and DataSecurity 101: Controlling Access to IBM i Systems and Data
Security 101: Controlling Access to IBM i Systems and Data
 
The Dark Side of Powerful Users
The Dark Side of Powerful UsersThe Dark Side of Powerful Users
The Dark Side of Powerful Users
 
PowerTech - Part-Time Privileges: Accountability for Powerful Users
PowerTech - Part-Time Privileges: Accountability for Powerful UsersPowerTech - Part-Time Privileges: Accountability for Powerful Users
PowerTech - Part-Time Privileges: Accountability for Powerful Users
 
PENTRATION TESTING Linux Escalation.ppt
PENTRATION TESTING Linux Escalation.pptPENTRATION TESTING Linux Escalation.ppt
PENTRATION TESTING Linux Escalation.ppt
 
5 Things Your Security Administrator Should Tell You
5 Things Your Security Administrator Should Tell You5 Things Your Security Administrator Should Tell You
5 Things Your Security Administrator Should Tell You
 
Security 101: Controlling Access to IBM i Systems and Data
Security 101: Controlling Access to IBM i Systems and DataSecurity 101: Controlling Access to IBM i Systems and Data
Security 101: Controlling Access to IBM i Systems and Data
 
Essential Layers of IBM i Security: System-Access Security
Essential Layers of IBM i Security: System-Access SecurityEssential Layers of IBM i Security: System-Access Security
Essential Layers of IBM i Security: System-Access Security
 
Monitoring and Reporting on IBM i Compliance and Security
Monitoring and Reporting on IBM i Compliance and SecurityMonitoring and Reporting on IBM i Compliance and Security
Monitoring and Reporting on IBM i Compliance and Security
 
4 florin coada - dast automation, more value for less work
4 florin coada - dast automation, more value for less work4 florin coada - dast automation, more value for less work
4 florin coada - dast automation, more value for less work
 
James Jara Portfolio 2014 - InfoSec White Paper- Part 5
James Jara Portfolio 2014 - InfoSec White Paper- Part 5James Jara Portfolio 2014 - InfoSec White Paper- Part 5
James Jara Portfolio 2014 - InfoSec White Paper- Part 5
 
Security of Oracle EBS - How I can Protect my System (UKOUG APPS 18 edition)
Security of Oracle EBS - How I can Protect my System (UKOUG APPS 18 edition)Security of Oracle EBS - How I can Protect my System (UKOUG APPS 18 edition)
Security of Oracle EBS - How I can Protect my System (UKOUG APPS 18 edition)
 
Lock it Down: Access Control for IBM i
Lock it Down: Access Control for IBM iLock it Down: Access Control for IBM i
Lock it Down: Access Control for IBM i
 
Linux.pptx
Linux.pptxLinux.pptx
Linux.pptx
 
Taking Control of Access to Your IBM i Systems and Data
Taking Control of Access to Your IBM i Systems and DataTaking Control of Access to Your IBM i Systems and Data
Taking Control of Access to Your IBM i Systems and Data
 
Introduction to Network and System Administration
Introduction to Network and System AdministrationIntroduction to Network and System Administration
Introduction to Network and System Administration
 
Implementing security and controls in people soft best practices - may 2017
Implementing security and controls in people soft best practices - may 2017Implementing security and controls in people soft best practices - may 2017
Implementing security and controls in people soft best practices - may 2017
 

More from Precisely

Zukuntssichere SAP Prozesse dank automatisierter Massendaten
Zukuntssichere SAP Prozesse dank automatisierter MassendatenZukuntssichere SAP Prozesse dank automatisierter Massendaten
Zukuntssichere SAP Prozesse dank automatisierter MassendatenPrecisely
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 
Crucial Considerations for AI-ready Data.pdf
Crucial Considerations for AI-ready Data.pdfCrucial Considerations for AI-ready Data.pdf
Crucial Considerations for AI-ready Data.pdfPrecisely
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Justifying Capacity Managment Webinar 4/10
Justifying Capacity Managment Webinar 4/10Justifying Capacity Managment Webinar 4/10
Justifying Capacity Managment Webinar 4/10Precisely
 
Automate Studio Training: Materials Maintenance Tips for Efficiency and Ease ...
Automate Studio Training: Materials Maintenance Tips for Efficiency and Ease ...Automate Studio Training: Materials Maintenance Tips for Efficiency and Ease ...
Automate Studio Training: Materials Maintenance Tips for Efficiency and Ease ...Precisely
 
Leveraging Mainframe Data in Near Real Time to Unleash Innovation With Cloud:...
Leveraging Mainframe Data in Near Real Time to Unleash Innovation With Cloud:...Leveraging Mainframe Data in Near Real Time to Unleash Innovation With Cloud:...
Leveraging Mainframe Data in Near Real Time to Unleash Innovation With Cloud:...Precisely
 
Testjrjnejrvnorno4rno3nrfnfjnrfnournfou3nfou3f
Testjrjnejrvnorno4rno3nrfnfjnrfnournfou3nfou3fTestjrjnejrvnorno4rno3nrfnfjnrfnournfou3nfou3f
Testjrjnejrvnorno4rno3nrfnfjnrfnournfou3nfou3fPrecisely
 
Data Innovation Summit: Data Integrity Trends
Data Innovation Summit: Data Integrity TrendsData Innovation Summit: Data Integrity Trends
Data Innovation Summit: Data Integrity TrendsPrecisely
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarPrecisely
 
Optimisez la fonction financière en automatisant vos processus SAP
Optimisez la fonction financière en automatisant vos processus SAPOptimisez la fonction financière en automatisant vos processus SAP
Optimisez la fonction financière en automatisant vos processus SAPPrecisely
 
SAPS/4HANA Migration - Transformation-Management + nachhaltige Investitionen
SAPS/4HANA Migration - Transformation-Management + nachhaltige InvestitionenSAPS/4HANA Migration - Transformation-Management + nachhaltige Investitionen
SAPS/4HANA Migration - Transformation-Management + nachhaltige InvestitionenPrecisely
 
Automatisierte SAP Prozesse mit Hilfe von APIs
Automatisierte SAP Prozesse mit Hilfe von APIsAutomatisierte SAP Prozesse mit Hilfe von APIs
Automatisierte SAP Prozesse mit Hilfe von APIsPrecisely
 
Moving IBM i Applications to the Cloud with AWS and Precisely
Moving IBM i Applications to the Cloud with AWS and PreciselyMoving IBM i Applications to the Cloud with AWS and Precisely
Moving IBM i Applications to the Cloud with AWS and PreciselyPrecisely
 
Effective Security Monitoring for IBM i: What You Need to Know
Effective Security Monitoring for IBM i: What You Need to KnowEffective Security Monitoring for IBM i: What You Need to Know
Effective Security Monitoring for IBM i: What You Need to KnowPrecisely
 
Automate Your Master Data Processes for Shared Service Center Excellence
Automate Your Master Data Processes for Shared Service Center ExcellenceAutomate Your Master Data Processes for Shared Service Center Excellence
Automate Your Master Data Processes for Shared Service Center ExcellencePrecisely
 
5 Keys to Improved IT Operation Management
5 Keys to Improved IT Operation Management5 Keys to Improved IT Operation Management
5 Keys to Improved IT Operation ManagementPrecisely
 
Unlock Efficiency With Your Address Data Today For a Smarter Tomorrow
Unlock Efficiency With Your Address Data Today For a Smarter TomorrowUnlock Efficiency With Your Address Data Today For a Smarter Tomorrow
Unlock Efficiency With Your Address Data Today For a Smarter TomorrowPrecisely
 
Navigating Cloud Trends in 2024 Webinar Deck
Navigating Cloud Trends in 2024 Webinar DeckNavigating Cloud Trends in 2024 Webinar Deck
Navigating Cloud Trends in 2024 Webinar DeckPrecisely
 
Mainframe Sort Operations: Gaining the Insights You Need for Peak Performance
Mainframe Sort Operations: Gaining the Insights You Need for Peak PerformanceMainframe Sort Operations: Gaining the Insights You Need for Peak Performance
Mainframe Sort Operations: Gaining the Insights You Need for Peak PerformancePrecisely
 

More from Precisely (20)

Zukuntssichere SAP Prozesse dank automatisierter Massendaten
Zukuntssichere SAP Prozesse dank automatisierter MassendatenZukuntssichere SAP Prozesse dank automatisierter Massendaten
Zukuntssichere SAP Prozesse dank automatisierter Massendaten
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
Crucial Considerations for AI-ready Data.pdf
Crucial Considerations for AI-ready Data.pdfCrucial Considerations for AI-ready Data.pdf
Crucial Considerations for AI-ready Data.pdf
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Justifying Capacity Managment Webinar 4/10
Justifying Capacity Managment Webinar 4/10Justifying Capacity Managment Webinar 4/10
Justifying Capacity Managment Webinar 4/10
 
Automate Studio Training: Materials Maintenance Tips for Efficiency and Ease ...
Automate Studio Training: Materials Maintenance Tips for Efficiency and Ease ...Automate Studio Training: Materials Maintenance Tips for Efficiency and Ease ...
Automate Studio Training: Materials Maintenance Tips for Efficiency and Ease ...
 
Leveraging Mainframe Data in Near Real Time to Unleash Innovation With Cloud:...
Leveraging Mainframe Data in Near Real Time to Unleash Innovation With Cloud:...Leveraging Mainframe Data in Near Real Time to Unleash Innovation With Cloud:...
Leveraging Mainframe Data in Near Real Time to Unleash Innovation With Cloud:...
 
Testjrjnejrvnorno4rno3nrfnfjnrfnournfou3nfou3f
Testjrjnejrvnorno4rno3nrfnfjnrfnournfou3nfou3fTestjrjnejrvnorno4rno3nrfnfjnrfnournfou3nfou3f
Testjrjnejrvnorno4rno3nrfnfjnrfnournfou3nfou3f
 
Data Innovation Summit: Data Integrity Trends
Data Innovation Summit: Data Integrity TrendsData Innovation Summit: Data Integrity Trends
Data Innovation Summit: Data Integrity Trends
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity Webinar
 
Optimisez la fonction financière en automatisant vos processus SAP
Optimisez la fonction financière en automatisant vos processus SAPOptimisez la fonction financière en automatisant vos processus SAP
Optimisez la fonction financière en automatisant vos processus SAP
 
SAPS/4HANA Migration - Transformation-Management + nachhaltige Investitionen
SAPS/4HANA Migration - Transformation-Management + nachhaltige InvestitionenSAPS/4HANA Migration - Transformation-Management + nachhaltige Investitionen
SAPS/4HANA Migration - Transformation-Management + nachhaltige Investitionen
 
Automatisierte SAP Prozesse mit Hilfe von APIs
Automatisierte SAP Prozesse mit Hilfe von APIsAutomatisierte SAP Prozesse mit Hilfe von APIs
Automatisierte SAP Prozesse mit Hilfe von APIs
 
Moving IBM i Applications to the Cloud with AWS and Precisely
Moving IBM i Applications to the Cloud with AWS and PreciselyMoving IBM i Applications to the Cloud with AWS and Precisely
Moving IBM i Applications to the Cloud with AWS and Precisely
 
Effective Security Monitoring for IBM i: What You Need to Know
Effective Security Monitoring for IBM i: What You Need to KnowEffective Security Monitoring for IBM i: What You Need to Know
Effective Security Monitoring for IBM i: What You Need to Know
 
Automate Your Master Data Processes for Shared Service Center Excellence
Automate Your Master Data Processes for Shared Service Center ExcellenceAutomate Your Master Data Processes for Shared Service Center Excellence
Automate Your Master Data Processes for Shared Service Center Excellence
 
5 Keys to Improved IT Operation Management
5 Keys to Improved IT Operation Management5 Keys to Improved IT Operation Management
5 Keys to Improved IT Operation Management
 
Unlock Efficiency With Your Address Data Today For a Smarter Tomorrow
Unlock Efficiency With Your Address Data Today For a Smarter TomorrowUnlock Efficiency With Your Address Data Today For a Smarter Tomorrow
Unlock Efficiency With Your Address Data Today For a Smarter Tomorrow
 
Navigating Cloud Trends in 2024 Webinar Deck
Navigating Cloud Trends in 2024 Webinar DeckNavigating Cloud Trends in 2024 Webinar Deck
Navigating Cloud Trends in 2024 Webinar Deck
 
Mainframe Sort Operations: Gaining the Insights You Need for Peak Performance
Mainframe Sort Operations: Gaining the Insights You Need for Peak PerformanceMainframe Sort Operations: Gaining the Insights You Need for Peak Performance
Mainframe Sort Operations: Gaining the Insights You Need for Peak Performance
 

Recently uploaded

New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 

Recently uploaded (20)

New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 

Security 101: Limiting Powerful User Profiles

  • 1. Security 101: Limiting Powerful IBM i User Profiles Alan Hamm Sales Engineer 1
  • 2. Agenda • Reducing Powerful Profiles • Managing Elevated Authority • Tradeoffs: DIY or Packaged Solutions? • How Syncsort Can Help 2
  • 3. What Is a Powerful Profile? From an IBM i OS viewpoint, three things contribute to making powerful profiles: 1. Special authorities 2. User class 3. Limit capabilities 3
  • 4. “Special authority is used to specify the types of actions a user can perform on system resources. A user can be given one or more special authorities.” IBM i, Security, Security reference, Version 7.3 Special Authority Special Authority Actions Allowed *ALLOBJ Access any resource – overrides private authority Essentially gives access to all functions on the system. *SECADM Create, change and delete user profiles. *SECADM + *ALLOBJ can give *SECADM to another user. *JOBCTL Stop subsystems, Perform an initial program load(IPL) *SPLCTL Any operation on any spooled file in the system. No protection against confidential spooled files. *SAVSYS Save, Restore and free storage for all objects on system. *SERVICE STRSST, Debug with only *USE authority, Trace. *AUDIT Stop, Start and prevent auditing on the system. *IOSYSCFG Change how the system is configured. Add or remove communication configurations and TCP/IP servers. 4
  • 5. “User class is used to control what menu options are shown to the user on IBM i menus. This helps control user access to some system functions.” IBM i, Security, Security reference, Version 7.3 User Class User Class Special Authorities *SECOFR *ALL *SECADM *SECADM *PGMR *NONE *SYSOPR *JOBCTL, *SAVSYS *USER *NONE Special Authorities Defaults (Security Level 30 or Above) 5
  • 6. “You can use the Limit capabilities field to limit the user’s ability to enter commands and to override the initial program, initial menu, current library, and attention-key- handling program specified in the user profile. This field is a tool for preventing users from experimenting on the system.” IBM i, Security, Security reference, Version 7.3 Limit Capabilities Function *YES *PARTIAL *NO Change initial program No No Yes Change initial menu No Yes Yes Change current library No No Yes Change attention program No No Yes Enter commands A few* Yes Yes * These commands are allowed by default: SIGNOFF, SNDMSG, DSPMSG, DSPJOB, DSPJOBLOG, STRPCO, WRKMSG. The user cannot use F9 to display a command line from any menu or display. 6
  • 7. • Security auditors require that users be given only the authorities needed to do their job • Handling frequent user requests for elevated authority is time consuming • Elevated authority should only be granted as needed – and then revoked • The activity of users with elevated authorities should be monitored to protect sensitive data and operations • Separation of duties for administrators is best practice Challenges of Managing Elevated Authority I need to be *SYSOPR for this assignment! I need *ALLOBJ to do my job! Can I have *SPLCTL for my project? 7
  • 8. • Satisfies security officers by reducing the number of powerful user profiles • Makes it easy to manage requests for elevated authority on demand • Enforces segregation of duties • Produces necessary alerts, reports and a comprehensive audit trail • Significantly reduces security exposures caused by human error • Reduces risk of unauthorized access to sensitive data Benefits of Elevated Authority Management Solutions 8
  • 9. DIY or 3rd Party Tradeoffs Do-It-Yourself In-House • Stretched resources required for business critical projects • May need to bring in consultants or hire new employees because of lack of IBM i security knowledge and experience • Need to maintain and update in- house tools to stay on top of OS and PTF releases • Staff turnover can leave you without the ability to manage in-house solutions Third-Party Solutions • Frees up resources for other projects • Provides separation of duties • Leverages experts in the field • Vendor is in the business of releasing updated software • Vendors ensure programs stay current to the latest threats and OS capabilities • Vendor-provided services can fill skills gaps for implementation and management 9
  • 11. Data Privacy Protect the privacy of data at-rest or in-motion to prevent data breaches Access Control Ensure comprehensive control of unauthorized access and the ability to trace any activity, suspicious or otherwise Compliance Monitoring Gain visibility into all security activity on your IBM i and optionally feed it to an enterprise console Security Risk Assessment Assess your security threats and vulnerabilities 11 Syncsort offers security solutions that address the issues on the radar screen of every security officer and IBM i admin
  • 12. Multi-Factor Authentication Strengthen login security by requiring multiple forms of authentication Elevated Authority Management Automatically elevate user authority as-needed and on a limited basis Access Control Secure all points of entry into to your system including network access, database access, command line access and more Access Control Solutions 12
  • 13. Expert services are available for • Security risk assessment • Quick start services • Quick check services • Security update services (hot fixes, PTFs, new releases, etc.) • System update services (ensuring security solution is properly configured after system changes to IP addresses, OS versions, etc.) • Auditor assist (supporting internal or external auditors) • Managed security services • A la carte consulting Leverage the seasoned security experts in Syncsort Global Services! The Syncsort Services Team Is Here for You 13