• The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
Menu
  • The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
  • How IBM i 7.4 Improves Security

    May 1, 2019 Alex Woodie

    The unveiling of Db2 Mirror may have gotten the lion’s share of attention with last week’s introduction of IBM i enhancements. But IBM has also given its customer base some significant security upgrades with the new releases of IBM i, including enhancements to the Authority Collection and support for the latest over-the-wire encryption protocol.

    “Our big things are around those two main themes – availability as well as security,” says Alison Butterill, IBM i product offering manager at IBM. “Those are the two main themes. But we have lots of things across the board.”

    IBM gave customers significant new user-focused security capabilities two years ago with the introduction of Authority Collection in IBM i 7.3. Now, with versions version 7.4 and 7.3 technology refresh (TR) 6, IBM is doubling down on the Authority Collection function and expanding it in a big new way.

    Authority Collection gave IBM i shops a way to determine the minimum authority that a user requires to complete an application function. Once the appropriate authority levels were determined, it was up to the administrator to implement the changes manually in IBM i’s security settings, or to use a third-party tool to do it for them.

    The Authority Collection was well received by the community, since it helped to ensure that regular users were not going about their day-to-day work in user profiles that included special authorities, such as ALLOBJ, SPLCTL, and SECADM. The simple fact is that too many IBM i shops continue have too many users running with too much authority. The overuse of special authorities has been a recurring theme – and a well-documented problem — in IBM i security studies for over a decade.

    When it launched, Authority Collection operated from the point of view of individual users. With IBM i 7.4, IBM has flipped the product’s viewpoint on its end and now allows customers to track authority requirements from the point of view of IBM i objects. The following object types are supported: QSYS file system; “root” (/); QOpenSys; user-defined file system; and document library objects.

    IBM‘s Chief Architect for IBM i, Steve Will, explains:

    “In the 7.3 version of it, it was a user-based thing, so you would check for example what your operator would do or your programmer would do,” Will tells IT Jungle in a recent briefing. “In 7.4, we given the other option, which is to say that I want to make sure that I have this particular object locked, no matter who it is that’s touching it or trying to do something with it. So now you can look at it the other way. You can say for any given object, I can prove to you that there’s nobody touching it who has more authority than they need.”

    IBM i shops asked for the new object-focused view in Authority Collection, Will says. “This again is a requirement that we’ve gotten from folks who are trying to certify to security auditors that they’re securing things,” he says. “This kind of completes that story.”

    Authority Collection gets several new SQL views for displaying and analyzing the authority data collected for objects. The SQL views cover any objects stored in the QSYS file system; in the “root” (/); QOpenSys, or user-defined file system; and also objects stored in document and folder objects, according to IBM. More information can be found in the Authority Collection section of the IBM Knowledge Center.

    The other big security feature is support for TLS version 1.3. TLS is the latest version of Transport Layer Security (TLS), which is the encryption protocol used for securing data in motion (it was previously known as Secure Sockets Layer, or SSL). The specification for TLS version 1.3 was established in August 2018 and has been widely adopted by the computer industry since then, although there is still widespread use of TLS 1.2.

    With support for TLS 1.3, IBM is giving users the latest tools for securing network traffic. “TLS 1.3 is the most modern, the most secure way of doing encrypted traffic,” Will says. “So a lot of our clients, particularly in the financial space and healthcare, are really after the most modern thing available even if they’re not quite ready to use it.”

    IBM also updated the Digital Certificate Manager (DCM), an existing IBM i tool for managing the certificates used to enter into encrypted sessions. With IBM i 7.4, IBM has provided new DCM APIs that allow more aspects of the certificate management process to be automated.

    Specifically, IBM is now providing APIs to manage application definition certificate assignments; to manage the certificate authority (CA) trust list; and to request a certificate renewal and import certificate into system store.

    It’s worth noting that none of these security enhancements – support for object views in Authority Collection, support for TLS 1.3, nor extra automation in DCM – are supported in IBM i 7.3 TR6. That’s by design.

    “We’ve got a number of enhancements in 7.4 that are especially related to security,” he says. “It’s often the case that major releases require significant security [updates]. Those things don’t tend to roll out as technology refreshes because they tend to be more pervasive.”

    RELATED STORIES

    Deep Dive On IBM i 7.4 And IBM i 7.3 TR6 Hardware Limits

    Power Systems Refreshes Flash Drives, Promises NVM-Express For IBM i

    IBM Brings Active-Active Mirroring Into Db2 For i Database

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Tags: Tags: ALLOBJ, API, Db2 Mirror, DCM, Digital Certificate Manager, IBM i, IBM i 7.3 TR6, SECADM, Secure Sockets Layer, SPLCTL, SQL, SSL

    Sponsored by
    VISUAL LANSA 16 WEBINAR

    Trying to balance stability and agility in your IBM i environment?

    Join this webinar and explore Visual LANSA 16 – our enhanced professional low-code platform designed to help organizations running on IBM i evolve seamlessly for what’s next.

    🎙️VISUAL LANSA 16 WEBINAR

    Break Monolithic IBM i Applications and Unlock New Value

    Explore modernization without rewriting. Decouple monolithic applications and extend their value through integration with modern services, web frameworks, and cloud technologies.

    🗓️ July 10, 2025

    ⏰ 9 AM – 10 AM CDT (4 PM to 5 PM CEST)

    See the webinar schedule in your time zone

    Register to join the webinar now

    What to Expect

    • Get to know Visual LANSA 16, its core features, latest enhancements, and use cases
    • Understand how you can transition to a MACH-aligned architecture to enable faster innovation
    • Discover native REST APIs, WebView2 support, cloud-ready Azure licensing, and more to help transform and scale your IBM i applications

    Read more about V16 here.

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    R Comes To i IBM i PTF Guide, Volume 21, Number 18

    Leave a Reply Cancel reply

TFH Volume: 29 Issue: 28

This Issue Sponsored By

  • Maxava
  • OpenLegacy
  • Dawn May Consulting
  • MITEC
  • WorksRight Software

Table of Contents

  • How IBM i 7.4 Improves Security
  • R Comes To i
  • Original Refocuses on IBM i Test Automation
  • Four Hundred Monitor, May 1
  • IBM i PTF Guide, Volume 21, Number 17

Content archive

  • The Four Hundred
  • Four Hundred Stuff
  • Four Hundred Guru

Recent Posts

  • Liam Allan Shares What’s Coming Next With Code For IBM i
  • From Stable To Scalable: Visual LANSA 16 Powers IBM i Growth – Launching July 8
  • VS Code Will Be The Heart Of The Modern IBM i Platform
  • The AS/400: A 37-Year-Old Dog That Loves To Learn New Tricks
  • IBM i PTF Guide, Volume 27, Number 25
  • Meet The Next Gen Of IBMers Helping To Build IBM i
  • Looks Like IBM Is Building A Linux-Like PASE For IBM i After All
  • Will Independent IBM i Clouds Survive PowerVS?
  • Now, IBM Is Jacking Up Hardware Maintenance Prices
  • IBM i PTF Guide, Volume 27, Number 24

Subscribe

To get news from IT Jungle sent to your inbox every week, subscribe to our newsletter.

Pages

  • About Us
  • Contact
  • Contributors
  • Four Hundred Monitor
  • IBM i PTF Guide
  • Media Kit
  • Subscribe

Search

Copyright © 2025 IT Jungle