Home » Products » Cyber & Security » Authority on Demand

iSecurity Authority on Demand

Elevated user authorities for IBM i

Flexible Control of User Authorities


iSecurity Authority on Demand provides an advanced solution for emergency access to critical application data and processes, which is one of the most common security slips identifiable to auditors in IBM i audits. Current manual approaches to such situations are not only error-prone, but do not comply with regulations and auditor’s often stringent security requirements.

iSecurity Authority on Demand saves valuable time and resources, enforces segregation of duties and enables relevant personnel to obtain access to approved information when needed. Its real-time audit of access rights protects sensitive corporate assets and significantly reduces the number of profiles with powerful special authorities.

iSecurity Authority on Demand simplifies the process of granting special authorities when necessary, and incorporates easy-to-use reporting and monitoring mechanisms to ensure that this extremely sensitive and potentially dangerous capability is not misused. It also enables recovery from different types of emergency situations with minimum chances for human error.

elevated authority for IBM i
Play Video

iSecurity Authority on Demand Elevated Authorities Options

iSecurity Authority on Demand Key Features:

  • Provides users different authority profiles on an as-needed basis based upon pre-defined rules
  • Logs all product and requestor related activities as well as all user’s activities while operating with a different authority profile
  • Site-definable email message alerts and SYSLOG messages
  • Capabilities for restricting requestors
  • PIN number verification
  • User-friendly GUI interface
  • User Exit Program can override decision to allow or reject an authority request

One of system administrators’ greater challenges is to reduce authorities while still allowing the organization to function properly. However, permissions are generally granted on a permanent basis. This means that people receive full authorities even if they use them rarely. Because of this, too many people have too much authority – a potentially dangerous situation which could lead to security breaches.

Authority on Demand (AOD) is a unique product for controlling user permissions while flexibly responding to emergency security needs of an organization. AOD can provide temporary authorities to a user when needed, while fully monitoring the user’s activity when the authorities are active.

AOD reduces the number of profiles with high authorities, while enabling relevant personnel to easily obtain access to processes and business-critical information when needed.

AOD uses advanced logging and reporting facilities to provide internal and external auditors with complete audit trails including actual user screenshots and lists of user activities while running with higher authority. All these capabilities enable AOD to save valuable time and resources.

  • Easy to Use – AOD simplifies the process of granting special authorities when necessary, and incorporates advanced reporting and monitoring mechanisms.
  • Add/Swap Security Levels (unique feature) – AOD can grant an alternative authority level or add additional security rights to an existing user profile.
  • Fully Monitored Temporary Permissions – AOD provides temporary authority, then prints the system audit log (QAUDJRN), and captures user screen images while the temporary authority is valid.
  • Authority Transfer Rules & Providers – AOD enables pre-defining special authority “providers” and special authority transfer rules such as time-limited authority transfers and optional PIN codes.
  • Safe Recovery from Emergency – AOD enables recovering from different types of emergency situations with minimum risk of human error.
  • Extensive Monitoring – AOD logs and monitors relevant activities, producing regular audit reports and real-time e-mail, SMS or SYSLOG alerts when higher authority is requested.
  • Controlled Access – AOD allows only relevant personnel to access critical data and processes.
  • Multiple Reports – AOD creates reports by time, time range, the user who requested authority (requester), the user who provided authority (provider), operation type, job name (workstation), time groups and more.
  • Three levels of product usage: Full, Auditor (read-only) and Emergency.

Related IBM i Security Products