1 / 47

Authority on Demand Control Authority Rights & Emergency Access

Authority on Demand Control Authority Rights & Emergency Access. The Challenge. System i sites define user’s security levels and allocate security rights corresponding to the different job responsibilities in the organization

simmon
Download Presentation

Authority on Demand Control Authority Rights & Emergency Access

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Authority on DemandControl Authority Rights & Emergency Access

  2. The Challenge System i sites define user’s security levels and allocate security rights corresponding to the different job responsibilities in the organization Emergency access to critical application data and processes is a potentially serious security breach which is often uncovered in System i audits. Manual approaches to this problem are not only error-prone, but do not comply with regulations and auditor’s often stringent security requirements.

  3. AOD Features • ADD and SWAP Security Levels (ADD is featureunique to AOD) – can ADD additional security rights to current user profile or grant a new security authority level. • Global Add SPCAUT • Authority Transfer On-Demand Rules & Providers - pre-define special authority "providers" and authority transfer rules. • Safe Recovery from Emergency – recover from emergency situations with minimum risk of human error and maximum reporting of activities while running with higher special authority. • Full Monitoring Capabilities - logs and monitors all relevant activities, and sends audit reports and real-time e-mail alerts when higher authority rights are provided. • Simple, Controlled Access – Only authorized users can grant authority or access critical data and processes and incorporates easy-to-use reporting and monitoring mechanisms. • Part of Comprehensive Solution - solidifies iSecurity's position as the most comprehensive security solution for System i environments.

  4. Authority on Demand Training

  5. AOD main menu. We’ll enter option 5 to define Authority Providers.

  6. Let’s look at how QSECOFR is defined.

  7. Let’s look at option 1, AOD rules.

  8. System Configuration

  9. System Configuration

  10. System Configuration

  11. System Configuration

  12. System Configuration

  13. System Configuration

  14. System Configuration

  15. System Configuration

  16. Using Authority on Demand

  17. The request was rejected, enter DSPAODLOG...

  18. … because it was not requested during off hours.

  19. Let’s update the definition the Rule and remove the time group EVENING

  20. AOD is starting, the first command DSPJOB is run automatically

  21. Then the seconds Command WRKSPLF is run automatically

  22. Note that the user profile authority has not changed

  23. Note that the user profile authority has not changed

  24. But the user profile now has QSECOFR rights

  25. Reporting, an email is sent, a message is sent, a log is written

  26. Auditing

  27. Auditing More information can be retrieved via the AODLOG

  28. Auditing More information can be retrieved via the AODLOG

  29. Auditing

  30. Auditing

  31. Auditing More information can be retrieved via the AODLOG

  32. Example SWAP SWAP profile

  33. Example SWAP

  34. Example SWAP Job user has changed

  35. Thank You! Please visit us at www.srcsecuresolutions.eu

More Related