securing a library on an iSeries400

0 pts.
Tags:
configuration
patching
PEN testing
Platform Security
vulnerability management
We've created a library to which we want to restrict access to a limited number of users. How can we do this on an iSeries at V5R3? There are files within this library that are used by programs in other libraries. When we restrict access to this library will this impact these files and if so is there a work around? Thanks for your help!
ASKED: October 28, 2005  2:35 PM
UPDATED: October 31, 2005  2:42 AM

Answer Wiki

Thanks. We'll let you know when a new response is added.

You simply have to decide who you do want to have access to the library and what level of access you want to give them (different actions require different levels of access). This can be decided at User or Group level. You then use CHGOBJPGP and/or EDTOBJAUT (with or without AUTL) to grant said authority.

Note: You cannot grant access rights to “programs in other libraries”. You can only grant/deny access to the users who invoke these programs.

That said, you can use Authority Adoption to make certain programs run as UserX, no matter who invokes them (CHGPGM USRPRF = *OWNER and CHGOBJOWN = USERX).

Finally, you could always resort to *ALLOBJ (But don’t – your auditors will kill you).

One last note…..You are now in the realms of general object level access, which is the basic building block of logical security on the iSeries. This should be looked at as one part of a bigger picture and not taken as an individual solution.

That is to say, if you don’t control things like SPCAUTs and SYSVALs, etc, then this library level access can be made redundant very quickly.

Discuss This Question:  

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following