The iSeries Blog

Aug 15 2007   3:02PM GMT

iSeries user accountability help from reader

Adam Trujillo Profile: Atrujillo

After reading Establishing user accountability in AS400, the iSeries security expert response from Carol Woodbury, one reader sent us this comment to round out her answer. Thanks, Tom!

Especially with QSECOFR, it’s difficult to guarantee full accountability. Whatever QSECOFR can put in place, QSECOFR can remove. There are potential items that can help though.

For interactive work, for example, a routing program might intercept the job and prompt for an individual’s identification. This might consist of a user/password prompt that could be tested against actual user/password via perhaps the Get Profile Handle (QSYGETPH) API, followed by Release Profile Handle (QSYRLSPH) API if successful.

The routing program might continue by setting job logging levels or various audit attributes before transferring control to QSYS/QCMD (or your own request-processing program). Before transferring control, it might send scope messages to ensure that end-of-job logging also occurred or set condition handlers for similar purposes.

None of that *guarantees* anything. But it can help when an auditor asks what’s been done.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: