    PowerTech Tools Build Trust By Decreasing Authority

    April 24, 2007 Alex Woodie

    It’s 7 p.m., and all your users are supposed to be logged off the system, but do you know where your security officer is? While you trust your security officer to hold the keys to the i5/OS kingdom, today’s regulatory environment simply doesn’t permit all-powerful users to traverse corporate IT systems unseen and unmonitored. A new release of PowerTech Group’s AuthorityBroker gives i5/OS shops the capability to monitor the monitors, and get back into the good graces of the auditors.

    AuthorityBroker helps i5/OS and OS/400 shops lessen the need for users to run with profiles granting them special authorities, such as All Object (ALLOBJ), Spool Control (SPLCTL), and Job Control-System Operator (JOBCTL). While these special authorities at times are necessary to accomplish given tasks on iSeries and System i servers–such as loading a new program, initiating a system save, or configuring network access–they are overkill for day-to-day usage, and pose a security risk to organizations.

    AuthorityBroker decreases the security risk and gets iSeries shops on the track to regulatory compliance by setting up separate user profiles that users can adopt for short periods of time. When a user needs a special authority to accomplish a task, they can go into AuthorityBroker and swap into a “switch” profile, which temporarily gives them the special authority. In this way, users don’t need the special authorities in their everyday profile, which lessens security risks. It also helps implement separation of duties, which is necessary for SOX compliance.

    With version 3.1, PowerTech has made it easier for organizations to integrate AuthorityBroker into their existing environments, and to initiate other business processes when a profile swap or release occurs. The new integration points enable a customer to run a program of their choice immediately before or after a profile swap is executed. Programming skills are not necessary, but can be utilized, and a recompile is required. Sample code is provided to get users started.

    The customization offers numerous benefits. For example, the new capability could be used to associate a library list with a powerful user profile when a swap or release is executed, giving a programmer access to the objects he needs to get his job done while logged on using the powerful user profile. Alternatively, the functionality could be used to change an accounting code when a swap is performed, keeping billable hours in line with actual job duties performed.

    The integration points could also be used to automatically distribute reports detailing the activities of users when they’re logged in as powerful users, says John Earl, PowerTech’s chief technology officer.

    “This allows them to get notifications that I’ve become QSECOFR, and while John was QSECOFR, here’s exactly what he did,” Earl says. “The big story is, everything I do now is done under the light of day. The security officer is the most knowledgeable and powerful user, but nobody knows what they’re doing, and this is why auditors have a problem.”

    Too many OS/400 and i5/OS shops have too many users with powerful authorities, Earl says. “PowerTech’s recently released ‘State of System i’ study showed that the average number of user profiles with *ALLOBJ authority on a System i server is 82,” he says. “Companies can fix this exposure with Authority Broker.”

    The new integration points could also be used to verify that a valid call ticket has been implemented correctly, or to require a manager’s approval before allowing a swap to continue, according to PowerTech. Better tracking of AuthorityBroker use was started last year when PowerTech unveiled the new emergency access “FireCall” feature with version 3.0, which was aimed at empowering helpdesk personnel to grant higher authority levels.

    Version 3.1 also brings new “job spawn” tracking capability. In the past, it could be difficult to attribute certain batch jobs, or jobs started under Q shell, to the user and the user profile responsible for starting the job, Earl says. With this release, AuthorityBroker can more accurately track these types of jobs.

    AuthorityBroker puts controls in place for the eight special authorities in OS/400 and i5/OS, including Security Admin (SECADM), Network Services (IOSYSCFG), Audit Rights (AUDIT), Hardware Administrator (SERVICE), Backup Operator (SAVESYS), JOBCTL, SPLCTL, and the big one, ALLOBJ.

    AuthorityBroker is fully logged and tracks all switches through an audit trail. The software also generates reports on switch activity, and can be set up to automatically send e-mail notifications when users swap into their powerful “switch” profile.

    AuthorityBroker supports OS/400 V4R4 and later versions. Pricing is tier-based and ranges from $2,700 to $15,000. For more information, visit www.powertechgroup.com.

    RELATED STORIES

    PowerTech Adds ‘FireCall’ to Authority Control Product

    PowerTech’s AuthorityBroker to be Distributed with New Copies of i5/OS

    New PowerTech Product Cracks Down on Special Authorities



Volume 7, Number 16 -- April 24, 2007