One of the greatest challenges that an organization faces when securing an IBM i environment is protecting the system from the very people who are also charged with its care and feeding: programmers, administrators, security officers, and even those we call Power Users.
In this session, we discuss several common security concerns, such as:
- How you can prohibit a programmer from accessing your production environment, except for those times when they need to diagnose and fix a production problem.
- How you can prohibit QSECOFR from running certain commands.
- How you can enable the Help Desk to re-enable a user and reset the user's password without assigning the Help Desk very high levels of authority.
- What exposures you can avoid by proper ownership of powerful user profiles.
- How you can selectively allow *ALLOBJ authority to be used only at certain times.
- How you can track activity inside powerful "invisible" tools like STRSQL and STRSST.
We discuss the ways to control and audit the activity of powerful users, with a view to enhancing the integrity of your IBM i. With the proper controls in place, you can restrict even the most powerful users as required.