Powertech Authority Broker for IBM i

Overview

Too many people with too much access to critical data is one of the most common and dangerous security lapses uncovered in IBM Power Systems audits. Programmers, developers, and administrators often have security officer or *ALLOBJ special authority built into their everyday profiles on production systems—just in case they need it for emergencies. Unfortunately, this creates the potential for catastrophic data corruption or loss.

Delegate Privileged Authority

With Powertech Authority Broker for IBM i, administrators can predefine users that are allowed to use elevated levels of authority. Users “swap” into the privileged profile only for the specific window of time that they need it. All activity during the swap is logged to a secure journal, and screens also can be captured and bundled into a PDF for review and auditing.

FireCall

Developers often need emergency access to production systems outside normal work hours. The FireCall feature enables overburdened system administrators to delegate the approval of role swaps to the Help Desk or other staff.

Real-Time Alerts

You can notify managers of profile switches in real time. Send alerts to IBM i message queues and interface with existing email and messaging solutions.

Comprehensive Reporting

Satisfy your auditor requirements with reports that provide a complete audit trail of privileged user activity. For example, you can create reports for any of the following:

  • Summary of profile swaps  
  • List of all commands entered  
  • Details from the audit journal
  • All invalid access attempts 
  • Screen captures, emailed as a bundled PDF
PRODUCT SUMMARY

KEY FEATURES

  • Monitored authority swap  
  • Screen captures  
  • Separation of duties  
  • Real-time alerts  
  • Complete audit trail  
  • Time-limited authority  
  • Day, date, and time restrictions  
  • Emergency access  
  • Application integration  

SYSTEM REQUIREMENTS

  • IBM i 7.1 or higher

PDF VERSION 

Text

“Authority Broker provides the separation of duties that SOX auditors look for. I receive an alert when a user swaps into a powerful profile as well as a daily report that I can keep on file.” –Matt Radatti C & D Technologies Computer Operations Manager

Text

Report Filtering

Authority Broker’s unique report filtering technology lets you print only the critical information that your auditors require. Using filters, you can exclude irrelevant programs or list only commands that were entered from a command line.

Screen Capture and Live Viewing

The ability to capture screens gives you an unparalleled view of user activity that enhances security and satisfies auditors. Monitor swapped users in near real-time, play back screens on the system, or receive bundled screenshots as an emailed PDF

Time-Limited Authority

Ensure that users do not abuse the privileges granted by adding time limits to a profile swap. Administrators can configure which actions to take at the end of the swap.

Day, Date, and Time Restrictions

Limit the checkout of powerful authorities to specific time periods or restrict access on weekends and holidays.

Enforce Segregation of Duties

Some companies have an existing process in place for providing emergency access to development staff. Implementing Authority Broker saves time compared to tools developed in-house and enforces segregation of duties. Auditors don’t like to see developers writing applications to report their own activity

Application and System Integration

Custom exit points enable you to integrate Authority Broker with your existing code and solutions. Authority Broker exit points are provided for integration before and after profile swaps (sample code is provided). For example:

  • Change accounting code and library list
  • Wait for system operator to approve switch
  • Connect to Help Desk ticketing software to gain approval

 

Let’s Get Started

Find out what Authority Broker can do for you. We’ll review your current setup and see how Fortra products can help you achieve your security and compliance goals.