INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Jobs

Implications

Implications

(OP)
Hi, I need to understand the implication of having an account that support a batch process with special authorities ALLOBJ and/or SECADM. The technichian has not managed to tell me why a batch account would need to have this configuration.

RE: Implications

If the job is submitted by an application (or user), the profile submitting the job should have the authority. If your security is configured properly, very few users should have *ALLOBJ or *SECADM (only system admins). The user running the job should have security to only the objects needed.

If ALLOBJ is given, the user can submit a job that could affect any object on the system i.e. clear physical files, delete objects (not currently locked), etc.

If SECADM is given, the user can add, change, or delete user profiles.

If they claim ALLOBJ is needed, I'd want to review what they're doing and configure the object level security instead.

If SECADM is needed, I'd consider using adopted authority to handle those requests.

RE: Implications

(OP)
Looking in detail, almost 85% of users have ALLOBJ...

RE: Implications

The thing about security is,, that it has to be managed. It is not a set it, and forget thing.  The tech probably does not have a clue how security work on the AS400, so how can they be responsible for managing it. They know, if they set it "this way".. then everything works OK. Monkey see, Monkey do.  

RE: Implications

It is true that many AS400 professionals didn't understand or didn't give a rats patootey about security. All access for all users means that everything runs.

But, you have to understand that many AS400 shops were and are small with a handful (at best) of people doing everything. I worked as a one-person shop in one company. It's very diffcult to manage security in that environment. Also, the most training many AS400 pros received was a two-year technical degree with little or no security information. It doesn't make it right, though.

RE: Implications

85%??? Sounds like you need a security overhaul. Quickly. The iSeries is probably the most secure server platform in the world if configured properly. You should have someone (who knows what they're doing) review the security on that system and make the necessary changes to secure it very soon.

Good luck,
Mark

RE: Implications

(OP)
Thanks!

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Resources

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close