|
|
|
|
|
       |
 |
|
|
Security Made Easy with Operations Navigator by Shannon O'Donnell You may not realize it, but AS/400 security management became a whole lot easier with the release of OS/400 V5R1. The V5R1 Operations Navigator client contains several "shortcuts" for defining and configuring OS/400 security. Keep reading to find out how easy it is for you to become an AS/400 security wizard!
A Word of Caution The information you are about to read, while easy to follow and understand, can also be disastrous if allowed to be used by unauthorized individuals. The security choices you can make with Operations Navigator will directly and immediately change your AS/400 System Security Values. Be warned that not everyone in your organization should be given access to these tools. Requirements The first requirement for becoming an AS/400 security wizard is to ensure that you have OS/400 V5R1 installed on your AS/400 and the V5R1 version of Client Access Express (and, by default, the V5R1 version of Operations Navigator) on your PC. Getting There To get to the security tools in Operations Navigator, connect to your V5R1 AS/400 and then drill down to the Security tree item. Expand it. You should see two entries: Authorization Lists and Policies. If you click on the Policies tree item, you'll get a set of four new options appearing in the right-hand pane of the Operations Navigator GUI: Password Policy, Security Policy, Audit Policy, and Sign-on Policy. Let's start by double-clicking the Password Policy item. You should see a panel like that shown in Figure 1.
From here, you can very quickly define such rules as whether or not to support the new 128-character password, the minimum and maximum password lengths, and when passwords will expire. If you double-click the Security Policy item, you'll see the Security Policy Properties panel. From this panel, you can set the system's security level, control the settings for restoring objects, and control which objects are auditable, among other things. The Audit Policy panel (Figure 2) allows you to set the allowed options for all system and object level auditing as well as journaling options.
And, finally, the Sign-on Policy panel (Figure 3) allows you to control how many attempts at signing on your users get before the system automatically takes some pre-defined action (also defined here). You can also control various log-on properties for remote users from this panel.
Authorization Lists The other security tree item in Operations Navigator is the Authorizations List option. You can click this tree item to work with previously defined authorization lists. You can also right-click this tree item to create new authorization lists. Maintain Positive Control As always, any time you are working with security values on any system, it is absolutely critical that you maintain control of who has access to what. The security tree item in the Operations Navigator GUI is no exception. In the hands of the wrong person, your AS/400 could very quickly be brought to its knees by one inadvertent or intentional click of a mouse button. Therefore, it's very important that you limit access to this function of Operations Navigator to those individuals who absolutely require it. If you are not sure how to control who gets access to what items in Operations Navigator, see the article "Exporing iSeries Navigator Application Administration," where you'll find tips on how to control access to various features of the Operations Navigator GUI.
|
Editors
Contact the Editors |
|
Last Updated: 8/29/02 Copyright © 1996-2008 Guild Companies, Inc. All Rights Reserved. |
PROFOUND LOGIC SOFTWARE