• The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
Menu
  • The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
  • How IBM i 7.4 Improves Security

    May 1, 2019 Alex Woodie

    The unveiling of Db2 Mirror may have gotten the lion’s share of attention with last week’s introduction of IBM i enhancements. But IBM has also given its customer base some significant security upgrades with the new releases of IBM i, including enhancements to the Authority Collection and support for the latest over-the-wire encryption protocol.

    “Our big things are around those two main themes – availability as well as security,” says Alison Butterill, IBM i product offering manager at IBM. “Those are the two main themes. But we have lots of things across the board.”

    IBM gave customers significant new user-focused security capabilities two years ago with the introduction of Authority Collection in IBM i 7.3. Now, with versions version 7.4 and 7.3 technology refresh (TR) 6, IBM is doubling down on the Authority Collection function and expanding it in a big new way.

    Authority Collection gave IBM i shops a way to determine the minimum authority that a user requires to complete an application function. Once the appropriate authority levels were determined, it was up to the administrator to implement the changes manually in IBM i’s security settings, or to use a third-party tool to do it for them.

    The Authority Collection was well received by the community, since it helped to ensure that regular users were not going about their day-to-day work in user profiles that included special authorities, such as ALLOBJ, SPLCTL, and SECADM. The simple fact is that too many IBM i shops continue have too many users running with too much authority. The overuse of special authorities has been a recurring theme – and a well-documented problem — in IBM i security studies for over a decade.

    When it launched, Authority Collection operated from the point of view of individual users. With IBM i 7.4, IBM has flipped the product’s viewpoint on its end and now allows customers to track authority requirements from the point of view of IBM i objects. The following object types are supported: QSYS file system; “root” (/); QOpenSys; user-defined file system; and document library objects.

    IBM‘s Chief Architect for IBM i, Steve Will, explains:

    “In the 7.3 version of it, it was a user-based thing, so you would check for example what your operator would do or your programmer would do,” Will tells IT Jungle in a recent briefing. “In 7.4, we given the other option, which is to say that I want to make sure that I have this particular object locked, no matter who it is that’s touching it or trying to do something with it. So now you can look at it the other way. You can say for any given object, I can prove to you that there’s nobody touching it who has more authority than they need.”

    IBM i shops asked for the new object-focused view in Authority Collection, Will says. “This again is a requirement that we’ve gotten from folks who are trying to certify to security auditors that they’re securing things,” he says. “This kind of completes that story.”

    Authority Collection gets several new SQL views for displaying and analyzing the authority data collected for objects. The SQL views cover any objects stored in the QSYS file system; in the “root” (/); QOpenSys, or user-defined file system; and also objects stored in document and folder objects, according to IBM. More information can be found in the Authority Collection section of the IBM Knowledge Center.

    The other big security feature is support for TLS version 1.3. TLS is the latest version of Transport Layer Security (TLS), which is the encryption protocol used for securing data in motion (it was previously known as Secure Sockets Layer, or SSL). The specification for TLS version 1.3 was established in August 2018 and has been widely adopted by the computer industry since then, although there is still widespread use of TLS 1.2.

    With support for TLS 1.3, IBM is giving users the latest tools for securing network traffic. “TLS 1.3 is the most modern, the most secure way of doing encrypted traffic,” Will says. “So a lot of our clients, particularly in the financial space and healthcare, are really after the most modern thing available even if they’re not quite ready to use it.”

    IBM also updated the Digital Certificate Manager (DCM), an existing IBM i tool for managing the certificates used to enter into encrypted sessions. With IBM i 7.4, IBM has provided new DCM APIs that allow more aspects of the certificate management process to be automated.

    Specifically, IBM is now providing APIs to manage application definition certificate assignments; to manage the certificate authority (CA) trust list; and to request a certificate renewal and import certificate into system store.

    It’s worth noting that none of these security enhancements – support for object views in Authority Collection, support for TLS 1.3, nor extra automation in DCM – are supported in IBM i 7.3 TR6. That’s by design.

    “We’ve got a number of enhancements in 7.4 that are especially related to security,” he says. “It’s often the case that major releases require significant security [updates]. Those things don’t tend to roll out as technology refreshes because they tend to be more pervasive.”

    RELATED STORIES

    Deep Dive On IBM i 7.4 And IBM i 7.3 TR6 Hardware Limits

    Power Systems Refreshes Flash Drives, Promises NVM-Express For IBM i

    IBM Brings Active-Active Mirroring Into Db2 For i Database

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Tags: Tags: ALLOBJ, API, Db2 Mirror, DCM, Digital Certificate Manager, IBM i, IBM i 7.3 TR6, SECADM, Secure Sockets Layer, SPLCTL, SQL, SSL

    Sponsored by
    Maxava

    Migrate IBM i with Confidence

    Tired of costly and risky migrations? Maxava Migrate Live minimizes disruption with seamless transitions. Upgrading to Power10 or cloud hosted system, Maxava has you covered!

    Learn More

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    R Comes To i IBM i PTF Guide, Volume 21, Number 18

    Leave a Reply Cancel reply

TFH Volume: 29 Issue: 28

This Issue Sponsored By

  • Maxava
  • OpenLegacy
  • Dawn May Consulting
  • MITEC
  • WorksRight Software

Table of Contents

  • How IBM i 7.4 Improves Security
  • R Comes To i
  • Original Refocuses on IBM i Test Automation
  • Four Hundred Monitor, May 1
  • IBM i PTF Guide, Volume 21, Number 17

Content archive

  • The Four Hundred
  • Four Hundred Stuff
  • Four Hundred Guru

Recent Posts

  • Big Blue Raises IBM i License Transfer Fees, Other Prices
  • Keep The IBM i Youth Movement Going With More Training, Better Tools
  • Remain Begins Migrating DevOps Tools To VS Code
  • IBM Readies LTO-10 Tape Drives And Libraries
  • IBM i PTF Guide, Volume 27, Number 23
  • SEU’s Fate, An IBM i V8, And The Odds Of A Power13
  • Tandberg Bankruptcy Leaves A Hole In IBM Power Storage
  • RPG Code Generation And The Agentic Future Of IBM i
  • A Bunch Of IBM i-Power Systems Things To Be Aware Of
  • IBM i PTF Guide, Volume 27, Numbers 21 And 22

Subscribe

To get news from IT Jungle sent to your inbox every week, subscribe to our newsletter.

Pages

  • About Us
  • Contact
  • Contributors
  • Four Hundred Monitor
  • IBM i PTF Guide
  • Media Kit
  • Subscribe

Search

Copyright © 2025 IT Jungle