A Power Tool for IBM i User Administration
December 2, 2014 Alex Woodie
Managing IBM i users can take a lot of work. Setting up user profiles, granting authorities, and eliminating profiles across multiple environments are critical tasks that administrators must tackle. Now PowerTech is selling a tool that automates much of the grunt work associated with user profile management on the IBM i platform.
PowerTech PowerAdmin is designed to take the sting out of user profile management by implementing role-based accessed control (RBAC) for groups of users. Instead of managing all of the settings and access rights involved with each user profile individually, administrators create templates for different roles that exist within the company, such as department or position, and then assign employees to those roles based on their access requirements.
One of the interesting bits about the software, which PowerTech first released in 2013, is that it lets administrators choose how much of the user profile management process to automate and how much to handle manually. Administrators can set default templates for a group of users that applies to several IBM i LPARs or servers. But if a particular user requires more extensive access on a certain server or LPAR, the administrator can go in and make that change manually.
Robin Tatam, director of security technologies for HelpSystems, which owns PowerTech, says the RBAC approach helps alleviate the challenge of manually provisioning users under IBM i. “The biggest benefit will be felt by those shops with a large number of users, multiple LPARs or severs, or a combination of the two,” he tells IT Jungle.
Tatam says one of the most well-received features of PowerAdmin has been the central administration component, which enables security administrators to manage IBM i profiles from a single server using more natural concepts such as a person and a department.
“The software knows what attributes each different role should have and automatically assigns those attributes as it creates the profile,” he says. “It doesn’t end there, however, as the software facilitates auditing of capabilities throughout the profile’s lifecycle.”
With the latest version of the software, PowerAdmin 2.0, PowerTech has streamlined the new user onboarding process and bolstered the auditing capabilities. Also, the company is enabling user profiles to be monitored and updated in real time.
IBM i shops faced with compliance mandates will benefit from the automated auditing capabilities, Tatam says. “All of this has traditionally been a painfully manual process, but regulatory frameworks such as COBIT require that user access rights be clearly defined and kept in line with business needs and job requirements,” says Tatam, who holds Certified Information Security Manager (CISM) and Certified Business Continuity Auditor (CBCA) credentials.
“Of course, part of those requirements includes documentation and workflow must be consistent and demonstrable,” he adds. “In addition, organizations are demanding more timely and less resource-intensive management of their profiles, despite more complex infrastructures and less administrators.”