Authority on Demand Control Authority Rights Emergency Access
- Slides: 47
Authority on Demand Control Authority Rights & Emergency Access
The Challenge • System i sites define user’s security levels and allocate security rights corresponding to the different job responsibilities in the organization • Emergency access to critical application data and processes is a potentially serious security breach which is often uncovered in System i audits. • Manual approaches to this problem are not only error-prone, but do not comply with regulations and auditor’s often stringent security requirements.
AOD Features • ADD and SWAP Security Levels (ADD is feature unique to AOD) – can ADD additional security rights to current user profile or grant a new security authority level. • Global Add SPCAUT • Authority Transfer On-Demand Rules & Providers - pre-define special authority "providers" and authority transfer rules. • Safe Recovery from Emergency – recover from emergency situations with minimum risk of human error and maximum reporting of activities while running with higher special authority. • Full Monitoring Capabilities - logs and monitors all relevant activities, and sends audit reports and real-time e-mail alerts when higher authority rights are provided. • Simple, Controlled Access – Only authorized users can grant authority or access critical data and processes and incorporates easy-to-use reporting and monitoring mechanisms. • Part of Comprehensive Solution - solidifies i. Security's position as the most comprehensive security solution for System i environments.
Authority on Demand Training
AOD main menu. We’ll enter option 5 to define Authority Providers.
Let’s look at how QSECOFR is defined.
Let’s look at option 1, AOD rules.
System Configuration
System Configuration
System Configuration
System Configuration
System Configuration
System Configuration
System Configuration
System Configuration
Using Authority on Demand
The request was rejected, enter DSPAODLOG. . .
… because it was not requested during off hours.
Let’s update the definition the Rule and remove the time group EVENING
AOD is starting, the first command DSPJOB is run automatically
Then the seconds Command WRKSPLF is run automatically
Note that the user profile authority has not changed
Note that the user profile authority has not changed
But the user profile now has QSECOFR rights
Reporting, an email is sent, a message is sent, a log is written
Auditing
Auditing More information can be retrieved via the AODLOG
Auditing More information can be retrieved via the AODLOG
Auditing
Auditing
Auditing More information can be retrieved via the AODLOG
Example SWAP profile
Example SWAP
Example SWAP Job user has changed
Thank You! Please visit us at www. srcsecuresolutions. eu
- Terminal access controller access control system
- Terminal access controller access-control system
- Marin emergency radio authority
- Water emergency transportation authority
- Positive rights vs negative rights
- Riparian rights
- Duties towards self
- Legal rights vs moral rights
- What is negative right
- Negative rights vs positive rights
- Negative right
- Positive rights and negative rights
- Critical manufacturing
- Line authority vs staff authority
- Access rights definition
- Individuals with access authority to general ledger
- Stochastic inventory model example
- Measures to correct deficient demand
- Market demand curve
- Independent demand adalah
- Grapikong paglalarawan halimbawa
- Independent demand examples
- Module 5 supply and demand introduction and demand
- Demand estimation
- Distinguish between individual demand and market demand
- Reorder point
- Emergency light system control using scr
- Juniper network access control
- Pac 512 wiring diagram
- Secure server access
- Webgoat missing function level access control
- Nac remediation
- Spread aloha multiple access in mobile computing
- Keyking access control
- Security access matrix
- Centralized access control
- 1997
- Alcea alwin
- Volo cloud based access control
- Secure access control server
- Originator controlled access control
- Access control matrix
- Media access control methods
- Access control matrix adalah
- Mac (media access control)
- Which modifier is used to control access to critical code
- Asc1204
- Access control mechanism in networking