Authority on Demand Release News

New Feature: Enable administrator to approve in real time a GETAOD request

New Feature: Use MFA beside or in addition to Pin code, when GETAOD is requested.

New Feature: MFA Verification methods are:  1=Cell, 2=Email, 3=Cell+Email (Half & Half)
This method is similar to the one in our MFA product (Person, mail, cell…), but does not require a license for it. 

New Feature: New “authority” type: 4=Trace (Only. Without changing authority)    GETAOD PRVDR(*TRACE) is an alternative

Cumulative changes from recent releases:

1. New menu option, 81/9 sets “At-End reports retention”, the data retention period in days. If set to “9999”, the data is retained indefinitely.
2. On the DSPAODHST, AOD main menu option 41 screen: the width of the screen is now 132 characters, allowing for two new fields: (the end time of elevated authority) and
3. To support iASP, the product subsystem now resides in SMZTMPC (instead of SMZODTA)
4. The GETAOD and RLSAOD commands now cannot be used from System Request menu.
5. Product only prints journal entries if user made changes during the Authority on Demand session.

Triple Syslog Definitions

Raz‐Lee’s iSecurity™ products now support sending Syslog messages to up to three (3)
SIEM products simultaneously:

• In AOD Main Menu, select option 81.
  The SYSLOG message is now enabled for multiple SIEM messages (note the SIEM 1, SIEM 2 and SIEM 3 option items) and message structures using built‐in as well as mixed variables and constants.
• The feature enables adjustable Port, Severity, Facility and Length while offering Syslog Types: UDP, TCP and TLS (encrypted) support in CEF and LEEF and user editable modes, using filters for relevant fields.
•  Processing of SIEM is done on a separate job per SIEM.
  A buffer exists to allow intermediate communication problems, or SIEM downtime.
• Once this buffer is full, the processing is delayed.
  A message is then sent to QSYSOPR, and an attempt is reconstructed while communication is made periodically and consistently.

In option 5, new notification message was added to alert customers if the user profile
to add as a provider does not exist in the system.

To view this new message, type: STRAOD>5>F6 and try to add a user named QUQU. The message should pop‐up.

• This option is relevant for AOD where the rule uses 1=Add authority. Once selected, it enables the user to submit jobs which will carry an elevated authority, regardless of the state of the submitting Authority on Demand™ (AOD) sessions. This unique capability is subject to retaining the value USER(*CURRENT) in the submitted job.
• Special consideration must be taken when activating the SBMJOB command with F4=Prompt: If the user practices F4=Prompt for the command Submit job (SBMJOB) the parameter Command (CMD) is not displayed and cannot be changed. To bypass this issue, use the command AODSBMJOB instead. This command allows changes to the parameter (CMD), including the usage of F4.

• This is a replacement for the SBMJOB command. Using the command GETAOD, the user can add an authority session. It enables regular usage of for the Command (CMD) parameter.