February 15, 2012 - Vol 2, Issue 4
Cilasoft Security Solutions - Intelligently Engineered Security Solutions

SEA Expert Webinar - Assessing Security of IBM i

From the Editor

Thank you for subscribing to the SecureMyi Security Newsletter.

In this issue we present the first article in our Guest Author series with a great article on the topic of Authorization Lists by Carol Woodbury. Carol is the President and Co-Founder of Skyview Partners, Inc. and is well known around the IBM i world as one of our top security experts. She is a regular speaker at industry events, technical webinars, and her regular Coffee with Carol Webcasts are a nice way to launch your day.

Carol is also the author of several books including Experts' Guide to OS/400 and i5/OS Security. Her latest book, IBM i and i5/OS Security and Compliance: A Practical Guide, is a comprehensive guide for all of us in the IBM i Security Community.

This Issue's Educational YouTube Video on 'Misconceptions when using Authorization Lists' ties in very nicely with Carol's article.

In the upcoming Leap-Day issue (February 29), we introduce our new column entitled Security Code for i.

Security Code for i will be a regular feature in which we present Source Code and instructions for security and auditing utilities you can build on your own system to help augment your toolset. Wait till you see the first installment; it is fabulous!

In this issue, I have begun using a Chili Pepper icon to help identify those articles that I think contain blazing HOT technical content. While all of our content is HOT, these are outstanding articles. Try following the Red Chili Peppers!

Get the Book "Powertips for OS/400 and IBM i Security" for FREE!

All new subscribers, and existing subscribers who update their subscription options, receive a free copy of my book "PowerTips for IBM i Security", published by System iNEWS magazine. The book is a large gathering of tips, techniques and little-known security-related tidbits. A $20 retail value.

You can subscribe, or update your subscription by clicking here.

All my very best to you. I hope you enjoy this issue,

Dan Riehl
www.SecureMyi.com

Feature Article

Why use Authorization Lists?

By Carol Woodbury   Skyview Partners, Inc.

The Authorization List is a security administration tool that has been available since Release 1.0 of OS/400. Authorization lists, or authority lists as some people call them, are a tool that helps security administrators manage authority to objects (libraries, files, folders, directories, etc.) when all of the objects need to be authorized in the same way. In other words, they make an administrator’s life significantly easier when users need the same authorization level to a bunch of objects.

Let’s walk through the steps of securing the files for an HR (Human Resources) application with an authorization list.

Create the authorization list using the Create Authorization List command.

            CRTAUTL AUTL(HR_AUTL)

Note: All authorization lists are created in the QSYS library. This is not optional.

Determine the objects you’re going to secure with the authorization list.

In this example, you are going to secure all of the files associated with a Human Resources application.

To associate the authorization list with the files, run the following command. This associates all of the files in the HR_LIB library with the HR_AUTL authorization list.

            GRTOBJAUT OBJ(HR_LIB/*ALL) OBJTYPE(*FILE) AUTL(HR_AUTL)

To associate an authorization list with an object in the Integrated File System, use the Change Authority (CHGAUT) command:

            CHGAUT OBJ('/ADP_FTP_TRANSFER') AUTL(HR_AUTL)

For the users needing authority to the files which are secured by the list, grant them authority to the list.

Run the Add Authorization List Entry (ADDAUTLE) command. In this case, the Human Resources group profile, GRP_HR, is being granted *USE authority to the HR_AUTL authorization list.
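
The walkthrough above as a single CL program, including the ADDAUTLE step the text describes. This is an added example, not code from the article or from Skyview Partners; the AUT(*EXCLUDE) and TEXT values on CRTAUTL, the *PUBLIC AUT(*AUTL) grant and the two display commands at the end are assumptions added for illustration.

```cl
PGM
  /* 1. Create the list. It is always created in QSYS.             */
  /*    AUT(*EXCLUDE) sets the list's own *PUBLIC authority; this  */
  /*    value is an assumption for the example.                    */
  CRTAUTL    AUTL(HR_AUTL) AUT(*EXCLUDE) +
               TEXT('HR application files (example)')

  /* 2. Secure every file in HR_LIB with the list.                 */
  GRTOBJAUT  OBJ(HR_LIB/*ALL) OBJTYPE(*FILE) AUTL(HR_AUTL)

  /*    Assumption: make each file take its *PUBLIC authority      */
  /*    from the list instead of keeping its own value.            */
  GRTOBJAUT  OBJ(HR_LIB/*ALL) OBJTYPE(*FILE) +
               USER(*PUBLIC) AUT(*AUTL)

  /*    Secure the Integrated File System object with the list.    */
  CHGAUT     OBJ('/ADP_FTP_TRANSFER') AUTL(HR_AUTL)

  /* 3. Grant the HR group profile *USE authority to the list.     */
  ADDAUTLE   AUTL(HR_AUTL) USER(GRP_HR) AUT(*USE)

  /* Review the result: who is on the list, and which objects      */
  /* the list secures.                                             */
  DSPAUTL    AUTL(HR_AUTL) OUTPUT(*PRINT)
  DSPAUTLOBJ AUTL(HR_AUTL) OUTPUT(*PRINT)
ENDPGM
```

The *PUBLIC AUT(*AUTL) grant matters because attaching a list does not change a file's existing *PUBLIC authority; a file that already gives *PUBLIC *CHANGE stays open to everyone until its public authority is pointed at the list.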

Read More.


IBM i Security Calendar of Events


Live Security Webcasts for IBM i

Addressing and Automating Audit Requirements for IBM i
Presented by Carol Woodbury - Sponsored by Skyview Partners
Wednesday February 22 10:00 AM PST
More Information and Register to Attend


Beyond FTP: Securing and Automating File Transfers
Sponsored by Linoma Software
Wednesday February 22 12:00 PM CST
More Information and Register to Attend


Assessing your Security on the Power i
Expert Webinar Series - Sponsored by Software Engineering of America, Inc
Thursday March 1st 1:00 PM ET
More Information and Register to Attend



More IBM i Security Related Events

April 10-13 - Live Online - Expanded Security Workshop for IBM i
SecureMyi President Dan Riehl presents this 4-Day Hands-on Workshop in the Online Virtual Classroom for IBM i. Sponsored and Hosted by The 400 School, Inc.
More Information and Register to Attend


May 6-9 - COMMON User Group - Annual Conference and Expo - Anaheim, CA






Featured YouTube Educational Video

IBM i Security - Common Misconceptions - Using Authorization Lists


Cannot Access YouTube from your office? Download the video in wmv format.   Click to Download the wmv file


Security Shorts - Changing Database Journaling Options on the Fly

By Dan Riehl

A while back, I was confronted with a task in which I needed to change the journaling characteristics of a physical file. The file was being journaled with *AFTER images only, and I needed to change the journaling option to capture *BOTH the before and after images of database record changes.

I suspected I would need to end journaling of the file and then start journaling (STRJRNPF) with the *BOTH (before and after images) option. I didn't know all the ramifications that the stop and start would have, but I knew that I wanted to avoid it if possible. I was unaware of any way to do this. So I needed to check whether there was a way to change the journaling characteristics without ending the journaling of the file on a live system.

I used the CL command GO CMDJRN to review commands that relate to journaling, and I found the Change Journaled Object (CHGJRNOBJ) command. I prompted the command (F4) and pressed F1 to review the command help text. It turns out that the command was exactly what I was looking for. The CHGJRNOBJ command was introduced by IBM in OS/400 V5R3.

Here's a snippet from the command online help text from IBM.

The Change Journaled Object (CHGJRNOBJ) command changes the journaling attributes of a journaled object without the need to end and restart journaling for the object.

The command can be used to change the Images (IMAGES) value for a database file (*FILE) or a data area (*DTAARA) object without the need to end and restart journaling for the object.

The command can be used to change the Omit journal entry (OMTJRNE) value for a database file (*FILE), an integrated file system stream file (*STMF) or directory (*DIR) object without the need to end and restart journaling for the object.

Only one journaling attribute can be changed at a time.

Because I needed to change the IMAGES attribute from *AFTER to *BOTH, I used the command:

CHGJRNOBJ OBJ((MYLIB/MYFILE *FILE)) ATR(*IMAGES) IMAGES(*BOTH)

Then, in order to omit the Open and Close journal entries I used the command:

CHGJRNOBJ OBJ((MYLIB/MYFILE *FILE)) ATR(*OMTJRNE) OMTJRNE(*OPNCLOSYN)

As the help text says, you can change only one attribute per execution of the command--thus the need to run the command twice, once for each attribute to be changed.


© Copyright 2012 - SecureMyi.com. All Rights Reserved

SecureMyi.com | St Louis MO 63017